Bug 140504 - dev-util/cscope - security cleanup needed
Summary: dev-util/cscope - security cleanup needed
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: Emacs project
Reported: 2006-07-15 08:16 UTC by Jakub Moc (RETIRED)
Modified: 2006-08-12 10:59 UTC
Description Jakub Moc (RETIRED) gentoo-dev 2006-07-15 08:16:24 UTC
app-editors/emacs-18.59: vulnerable via glsa(200502-20) ( ver < 21.4 ), affects ('x86',)

Please, clean up the above.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-07-15 08:40:00 UTC
Also:

dev-util/cscope-15.5-r3: vulnerable via glsa(200606-10) ( ver-rev < 15.5-r6 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
dev-util/cscope-15.5-r4: vulnerable via glsa(200606-10) ( ver-rev < 15.5-r6 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86')
dev-util/cscope-15.5-r5: vulnerable via glsa(200606-10) ( ver-rev < 15.5-r6 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sparc', 'x86', 'x86-fbsd')
Comment 2 Ulrich Müller gentoo-dev 2006-07-15 12:03:53 UTC
(In reply to comment #0)
> app-editors/emacs-18.59: vulnerable via glsa(200502-20) ( ver < 21.4 ), affects
> ('x86',)
> 
> Please, clean up the above.

The "movemail" that comes with emacs-18.59 does not use POP (it is compiled without MAIL_USE_POP), therefore neither CVE-2005-0100 nor GLSA 200502-20 apply here.

Please RESOLVE as INVALID.
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2006-07-15 14:17:47 UTC
(In reply to comment #2)
> The "movemail" that comes with emacs-18.59 does not use POP (it is compiled
> without MAIL_USE_POP), therefore neither CVE-2005-0100 nor GLSA 200502-20 apply
> here.

Well, then we need to fix GLSA-200502-20 or this will be triggered over and over again. CCing security.

Comment 4 Ulrich Müller gentoo-dev 2006-07-15 15:44:18 UTC
Probably "< 19" should be added to Unaffected.

In a way, GLSA 200502-20 is self-contradictory: The Resolution applies only to SLOT=21 (and does _not_ remove the unaffected version 18.59).
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-23 12:51:54 UTC
@security: GLSA updated in GLSAmaker, please review/commit.
Comment 6 Matthew Kennedy (RETIRED) gentoo-dev 2006-08-09 19:05:25 UTC
Please spell out exactly what needs to be done here.
Comment 7 Jakub Moc (RETIRED) gentoo-dev 2006-08-10 02:25:52 UTC
(In reply to comment #6)
> Please spell out exactly what needs to be done here.

Nuke the cscope versions in Comment #1; the old emacs is OK. Thanks.
Comment 8 Jakub Moc (RETIRED) gentoo-dev 2006-08-10 02:26:52 UTC
(In reply to comment #5)
> @security: GLSA updated in GLSAmaker, please review/commit.

Yeah, and please commit the updated GLSA as well. 

Comment 9 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-11 02:49:15 UTC
(In reply to comment #5)
> @security: GLSA updated in GLSAmaker, please review/commit.
> 

approved and committed, thanks.

The bug is still open since comment #1 is not fixed yet.
Comment 10 Matthew Kennedy (RETIRED) gentoo-dev 2006-08-12 10:57:02 UTC
Removed the affected ebuilds.

--- ChangeLog	2006-07-09 00:30:10.000000000 -0500
+++ ChangeLog.new	2006-08-12 12:55:04.000000000 -0500
@@ -2,6 +2,10 @@
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/dev-util/cscope/ChangeLog,v 1.67 2006/07/09 05:30:10 kumba Exp $
 
+  12 Aug 2006; Matthew Kennedy <mkennedy@gentoo.org> -cscope-15.5-r3.ebuild,
+  -cscope-15.5-r4.ebuild, -cscope-15.5-r5.ebuild:
+  Removed old ebuilds.
+
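Review bot: the entry text on the last added line, "Removed old ebuilds.", does not say why cscope-15.5-r3, -r4 and -r5 were dropped. Since this removal is a security cleanup, I would name the advisory and the bug in the entry, for example "Removed ebuilds vulnerable per GLSA 200606-10, bug #140504.", so that someone reading the ChangeLog later can tell it apart from routine pruning of old versions.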
Comment 11 Jakub Moc (RETIRED) gentoo-dev 2006-08-12 10:59:18 UTC
All done then, thanks everyone.