Date: Wed, 2 Sep 2015 12:54:56 -0700
From: Kevin Oberman <rkoberman@gmail.com>
To: Rob Belics <rob@spartantheatre.org>
Cc: FreeBSD Ports ML <freebsd-ports@freebsd.org>
Subject: Re: lang/go security problem on one but not the other
Message-ID: <CAN6yY1s7S-bmKjYah9c0hFdOFwC0kwoQAuzNAT3ddoFtgiFO0Q@mail.gmail.com>
In-Reply-To: <CAPu-kW8DxfvMqmU0K0xYOs30Ze0phKmLg0uu=9Jw-7=4CcZ3hA@mail.gmail.com>
References: <CAPu-kW-dP1NgZswSzgdXw2ZOqKo=Wk5E=ORiLVw5fBfNF4dQww@mail.gmail.com> <CAN6yY1vmK=d_mazQ_pdsDg0pQAWjRV-ReRwXD_d8w3xGTo7cmQ@mail.gmail.com> <CAPu-kW8DxfvMqmU0K0xYOs30Ze0phKmLg0uu=9Jw-7=4CcZ3hA@mail.gmail.com>

On Wed, Sep 2, 2015 at 9:53 AM, Rob Belics <rob@spartantheatre.org> wrote:

> I must have replied incorrectly. The dates on the two systems are
> different. The one that it does NOT build on shows vuln.xml as September 1
> while the other system builds and the date is June 25.
>
> I'm confused because I would think the newer date would have built. How do
> I get this sync'ed properly and why is it not sync'ed? I update ports with
> portsnap.

No, this is correct. The vulnerability was not reported until 28-Aug, so it is not in the database for the system where the database is not getting updated. go-1.4.2 is vulnerable on either system, but the system with the July 25 database simply does not know it.

The information I just sent is correct. It is the vulnerability database that is preventing the installation and not the port, so the problem will remain until go14 is updated to 1.4.3.

--
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
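
The effect described in the message above, as an added example that is not part of the original e-mail or of the FreeBSD tools: the same go-1.4.2 package checked against two copies of a VuXML-style database. The XML entry, its vid and topic are constructed placeholders, the stale copy is modelled by filtering on the entry date, and version comparison is simplified to plain dotted numbers.

```python
import xml.etree.ElementTree as ET
from datetime import date

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}

# Constructed VuXML-style entry; the vid and topic are placeholders.
SAMPLE_VUXML = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000000">
    <topic>go -- placeholder topic</topic>
    <affects><package><name>go</name><range><lt>1.4.3</lt></range></package></affects>
    <dates><entry>2015-08-28</entry></dates>
  </vuln>
</vuxml>"""

OPS = {"lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
       "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
       "eq": lambda a, b: a == b}

def vtuple(version):
    # Simplification (assumption): dotted numeric versions only, no PORTREVISION or epoch.
    return tuple(int(part) for part in version.split("."))

def in_range(version, rng):
    # A <range> matches only if every bound it contains (<lt>, <ge>, ...) holds.
    v = vtuple(version)
    return all(OPS[b.tag.split("}")[1]](v, vtuple(b.text)) for b in rng)

def audit(name, version, snapshot_date, xml_text=SAMPLE_VUXML):
    """Return vids matching name-version among entries present on snapshot_date."""
    hits = []
    for vuln in ET.fromstring(xml_text).findall("v:vuln", NS):
        entered = date.fromisoformat(vuln.findtext("v:dates/v:entry", namespaces=NS))
        if entered > snapshot_date:
            continue  # this copy of the database predates the entry
        for pkg in vuln.findall("v:affects/v:package", NS):
            names = [n.text for n in pkg.findall("v:name", NS)]
            ranges = pkg.findall("v:range", NS)
            if name in names and any(in_range(version, r) for r in ranges):
                hits.append(vuln.get("vid"))
                break
    return hits

if __name__ == "__main__":
    for label, snap in (("stale copy", date(2015, 6, 25)),
                        ("current copy", date(2015, 9, 1))):
        print(label, snap, audit("go", "1.4.2", snap))
```

An empty result from the stale copy means only that the entry is missing from that file, not that the package is unaffected.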