Needs PORTREVISON bump and rebuild with Go 1.11.5 [1] to fix CVE-2019-6486 [2] which affects software relying on 'crypto/elliptic' [3] [1] https://golang.org/doc/devel/release.html#go1.11 [2] https://nvd.nist.gov/vuln/detail/CVE-2019-6486 [3] https://github.com/golang/go/issues?q=milestone%3AGo1.11.5+label%3ACherryPickApproved
lang/go updated to 1.11.5 in ports r491092 by jlaffaye, but can't see it was marked for MFH, nor a VuXML entry If this port needs a PORTREVISION bump after lang/go CVE update, what other ports need PORTREVISION bumps too?
As a security fix release lang/go 1.11.5 probably needs VuXML and should be MFH. I don't have an exhaustive list of port that are affected by CVE-2019-6486 and need rebuilding. I guess it's up to maintainers to check go list -deps ./... | grep "crypto\/elliptic" and decide if PORTREVISION bump would be warranted.
A commit references this bug: Author: sunpoet Date: Mon Jan 28 18:58:30 UTC 2019 New revision: 491509 URL: https://svnweb.freebsd.org/changeset/ports/491509 Log: Bump PORTREVISION to force rebuild after golang 1.11.5 security update PR: 235186 Reported by: Dmitri Goutnik <dg@syrec.org> Changes: head/security/keybase/Makefile
Committed. Thanks!