152081 – dev-db/postgresql - multiple false GLSA positives

Bug 152081 - dev-db/postgresql - multiple false GLSA positives

Summary: dev-db/postgresql - multiple false GLSA positives

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-10-20 03:40 UTC by Jakub Moc (RETIRED)
Modified:	2007-09-23 00:14 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jakub Moc (RETIRED) gentoo-dev

2006-10-20 03:40:57 UTC

Didn't check all of them, but most seem wrong (like, the 2004/2005 ones for newest 7.4* and 7.3* versions):

dev-db/postgresql-7.3.11: vulnerable via glsa(200410-16) ( ver-rev <= 7.4.5-r1 && ver-rev not >= 7.4.5-r2 && not ( ver = 7.3.7 && ver-rev >= 7.3.7-r2 ) ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 's390', 'sh', 'sparc', 'x86')
dev-db/postgresql-7.3.11: vulnerable via glsa(200607-04) ( ver < 8.0.8 && ver not = 7.4.13 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 's390', 'sh', 'sparc', 'x86')
dev-db/postgresql-7.3.15-r1: vulnerable via glsa(200410-16) ( ver-rev <= 7.4.5-r1 && ver-rev not >= 7.4.5-r2 && not ( ver = 7.3.7 && ver-rev >= 7.3.7-r2 ) ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 's390', 'sh', 'sparc', 'x86')
dev-db/postgresql-7.3.15-r1: vulnerable via glsa(200607-04) ( ver < 8.0.8 && ver not = 7.4.13 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 's390', 'sh', 'sparc', 'x86')
dev-db/postgresql-7.3.15-r1: vulnerable via glsa(200505-12) ( ver-rev < 8.0.2-r1 && ver not = 7.3.10 && ver not = 7.3.11 && ver not = 7.3.12 && ver not = 7.3.13 && not ( ver = 7.4.7 && ver-rev >= 7.4.7-r2 ) && ver not = 7.4.8 && ver not = 7.4.9 && ver not = 7.4.10 && ver not = 7.4.11 && not ( ver = 8.0.1 && ver-rev >= 8.0.1-r3 ) ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 's390', 'sh', 'sparc', 'x86')
dev-db/postgresql-7.3.15-r1: vulnerable via glsa(200502-08) ( ver < 8.0.1 && ver not = 7.3.10 && ver not = 7.3.11 && ver not = 7.3.12 && ver not = 7.3.13 && ver not = 7.4.7 && ver not = 7.4.8 && ver not = 7.4.9 && ver not = 7.4.10 && ver not = 7.4.11 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 's390', 'sh', 'sparc', 'x86')
dev-db/postgresql-7.3.15-r1: vulnerable via glsa(200502-19) ( ver-rev < 8.0.1-r1 && not ( ver = 7.3.9 && ver-rev >= 7.3.9-r1 ) && ver not = 7.3.10 && ver not = 7.3.11 && ver not = 7.3.12 && ver not = 7.3.13 && not ( ver = 7.4.7 && ver-rev >= 7.4.7-r1 ) && ver not = 7.4.8 && ver not = 7.4.9 && ver not = 7.4.10 && ver not = 7.4.11 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 's390', 'sh', 'sparc', 'x86')
dev-db/postgresql-7.4.13: vulnerable via glsa(200505-12) ( ver-rev < 8.0.2-r1 && ver not = 7.3.10 && ver not = 7.3.11 && ver not = 7.3.12 && ver not = 7.3.13 && not ( ver = 7.4.7 && ver-rev >= 7.4.7-r2 ) && ver not = 7.4.8 && ver not = 7.4.9 && ver not = 7.4.10 && ver not = 7.4.11 && not ( ver = 8.0.1 && ver-rev >= 8.0.1-r3 ) ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
dev-db/postgresql-7.4.13: vulnerable via glsa(200502-08) ( ver < 8.0.1 && ver not = 7.3.10 && ver not = 7.3.11 && ver not = 7.3.12 && ver not = 7.3.13 && ver not = 7.4.7 && ver not = 7.4.8 && ver not = 7.4.9 && ver not = 7.4.10 && ver not = 7.4.11 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')
dev-db/postgresql-7.4.13: vulnerable via glsa(200502-19) ( ver-rev < 8.0.1-r1 && not ( ver = 7.3.9 && ver-rev >= 7.3.9-r1 ) && ver not = 7.3.10 && ver not = 7.3.11 && ver not = 7.3.12 && ver not = 7.3.13 && not ( ver = 7.4.7 && ver-rev >= 7.4.7-r1 ) && ver not = 7.4.8 && ver not = 7.4.9 && ver not = 7.4.10 && ver not = 7.4.11 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 'ppc', 'ppc64', 's390', 'sh', 'sparc', 'x86')

Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-02-26 16:14:49 UTC

Fixed now; thanks for the report and sorry for the delay, please go on filing some bugs when you find false-positive.