152087 – media-libs/netpbm-10.26.4[234] - multiple false positives

Bug 152087 - media-libs/netpbm-10.26.4[234] - multiple false positives

Summary: media-libs/netpbm-10.26.4[234] - multiple false positives

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2006-10-20 04:11 UTC by Jakub Moc (RETIRED)
Modified:	2007-08-14 10:24 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jakub Moc (RETIRED) gentoo-dev

2006-10-20 04:11:34 UTC

media-libs/netpbm-10.26.31: vulnerable via glsa(200510-18) ( ver < 10.29 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')
media-libs/netpbm-10.26.31: vulnerable via glsa(200508-04) ( ver < 10.28 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')
media-libs/netpbm-10.26.32: vulnerable via glsa(200510-18) ( ver < 10.29 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')
media-libs/netpbm-10.26.32: vulnerable via glsa(200508-04) ( ver < 10.28 ), affects ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')

Well, these are pretty recent versions but the upstream versioning scheme is retarded :(

Comment 1 SpanKY gentoo-dev

2006-10-31 01:23:27 UTC

it isnt retarded ... it's called maintaining a stable branch

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-11-24 14:03:42 UTC

GLSA updated. Sorry for the delay.

Comment 3 Jakub Moc (RETIRED) gentoo-dev

2007-08-04 11:02:06 UTC

This versioning is causing this bug to occur over and over again.

media-libs/netpbm-10.26.42: vulnerable via glsa(200510-18) ( ver < 10.29 && ver not = 10.26.32 && ver not = 10.26.33 ), keywords ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')
media-libs/netpbm-10.26.42: vulnerable via glsa(200508-04) ( ver < 10.28 && ver not = 10.26.32 && ver not = 10.26.33 ), keywords ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')
media-libs/netpbm-10.26.43: vulnerable via glsa(200510-18) ( ver < 10.29 && ver not = 10.26.32 && ver not = 10.26.33 ), keywords ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')
media-libs/netpbm-10.26.43: vulnerable via glsa(200508-04) ( ver < 10.28 && ver not = 10.26.32 && ver not = 10.26.33 ), keywords ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')
media-libs/netpbm-10.26.44: vulnerable via glsa(200510-18) ( ver < 10.29 && ver not = 10.26.32 && ver not = 10.26.33 ), keywords ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')
media-libs/netpbm-10.26.44: vulnerable via glsa(200508-04) ( ver < 10.28 && ver not = 10.26.32 && ver not = 10.26.33 ), keywords ('alpha', 'amd64', 'arm', 'hppa', 'ia64', 'mips', 's390', 'sh', 'sparc', 'x86')

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-08-14 10:24:54 UTC

GLSAs updated yet again.