app-editors/emacs-18.59: vulnerable via glsa(200502-20) ( ver < 21.4 ), affects ('x86',) Please, clean up the above.
Also: dev-util/cscope-15.5-r3: vulnerable via glsa(200606-10) ( ver-rev < 15.5-r6 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86') dev-util/cscope-15.5-r4: vulnerable via glsa(200606-10) ( ver-rev < 15.5-r6 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86') dev-util/cscope-15.5-r5: vulnerable via glsa(200606-10) ( ver-rev < 15.5-r6 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86', 'x86-fbsd')
(In reply to comment #0) > app-editors/emacs-18.59: vulnerable via glsa(200502-20) ( ver < 21.4 ), affects > ('x86',) > > Please, clean up the above. The "movemail" that comes with emacs-18.59 does not use POP (it is compiled without MAIL_USE_POP), therefore neither CVE-2005-0100 nor GLSA 200502-20 apply here. Please RESOLVE as INVALID.
(In reply to comment #2) > The "movemail" that comes with emacs-18.59 does not use POP (it is compiled > without MAIL_USE_POP), therefore neither CVE-2005-0100 nor GLSA 200502-20 apply > here. Well, then we need to fix GLSA-200502-20 or this will be triggered over and over again. CCing security.
Probably "< 19" should be added to Unaffected. In a way, GLSA 200502-20 is self-contradictory: The Resolution applies only to SLOT=21 (and does _not_ remove the unaffected version 18.59).
@security: GLSA updated in GLSAmaker, please review/commit.
Please spell out exactly what needs to be done here.
(In reply to comment #6) > Please spell out exactly what needs to be done here. Nuke the cscope versions in Comment #1; the old emacs is OK. Thanks.
(In reply to comment #5) > @security: GLSA updated in GLSAmaker, please review/commit. Yeah, and please commit the updated GLSA as well.
(In reply to comment #5) > @security: GLSA updated in GLSAmaker, please review/commit. > approval and commited, thanks. The bug is still open since comment #1 is not fixed yet.
Removed the affected ebuilds. --- ChangeLog 2006-07-09 00:30:10.000000000 -0500 +++ ChangeLog.new 2006-08-12 12:55:04.000000000 -0500 @@ -2,6 +2,10 @@ # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/dev-util/cscope/ChangeLog,v 1.67 2006/07/09 05:30:10 kumba Exp $ + 12 Aug 2006; Matthew Kennedy <mkennedy@gentoo.org> -cscope-15.5-r3.ebuild, + -cscope-15.5-r4.ebuild, -cscope-15.5-r5.ebuild: + Removed old ebuilds. +
All done then, thanks everyone.