glsa-check seems to be confused with glsa 200506-14: # glsa-check -V glsa-check, version 0.5 Author: Marius Mauch <genone@gentoo.org> This program is licensed under the GPL, version 2 # glsa-check -t 200506-14 This system is affected by the following GLSA: 200506-14 # glsa-check -p 200506-14 Checking GLSA 200506-14 The following updates will be performed for this GLSA: dev-java/blackdown-jdk-1.4.2.02 (1.4.2.02) As you can see, he fixed version is allready installed, so it should be fixed, and glsa-check shouldnt list it as vulnerable. The GLSA itself seems to be correct: <package name="dev-java/blackdown-jdk" auto="yes" arch="*"> <unaffected range="ge">1.4.2.02</unaffected> <vulnerable range="lt">1.4.2.02</vulnerable> </package>
I also have problem with this GLSA. I do no have java even installed on machine, but glsa-chek tries to install dev-java/blackdown-jdk-1.4.2.02 (1.4.2.02). Also,it tries to re-emerge dev-lang/python-2.3.5-r2 , although system already has this version. Below is emerge info output: Gentoo Base System version 1.6.13 Portage 2.0.51.22-r2 (hardened/x86, gcc-3.3.6, glibc-2.3.5-r1, 2.4.31-hardened i 686) ================================================================= System uname: 2.4.31-hardened i686 Pentium III (Coppermine) dev-lang/python: 2.2.3-r1, 2.3.5-r2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.4.3-r1, 1.5.18-r1 virtual/os-headers: 2.4.19-r1, 2.4.22-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -mcpu=i686 -funroll-loops -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/ config /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -mcpu=i686 -funroll-loops -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/ distributions/gentoo" PKGDIR="/usr/portage//packages/x86/" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage/" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="apache2 berkdb crypt dba dlloader gdbm hardened innodb lvm lvm2 maildir mys ql ncurses nls pam perl pic png python readline srvdir ssl tcpd tiff userlocales x86 xml2 zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTDIR_OVER LAY
Are you sure you don't have an old version installed? Try emerge unmerge -pv blackdown-jdk I had to manually unmerge "dev-java/blackdown-jdk-1.4.1", after running "gla-check -f 200506-14".
You are right. Removing the old version fixed this so I close this bug.