191726 – GLSAs 200705-21 and 200707-07 flag current media-video/mplayer versions as vulnerable, due to change in versioning scheme

Bug 191726 - GLSAs 200705-21 and 200707-07 flag current media-video/mplayer versions as vulnerable, due to change in versioning scheme

Summary: GLSAs 200705-21 and 200707-07 flag current media-video/mplayer versions as vu...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://sources.gentoo.org/viewcvs.py/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-09-08 17:44 UTC by David Leverton
Modified:	2007-10-12 18:13 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David Leverton 2007-09-08 17:44:02 UTC

The mplayer versioning scheme was changed recently (see URL field and bug 175688), with versions of the form 1.0.xxxxxx replaced with 1.0_rc1_pxxxxxxxx.  GLSAs 200705-21 and 200707-07 refer to the old scheme, and since the new versions appear lower than the old ones, the GLSAs consider all current ones vulnerable.  The lowest version in the tree, 1.0_rc1_p20070622-r1, is equivalent to the old 1.0.20070622-r1, which /is/ marked unaffected by both GLSAs.

Comment 1 Rumen Yotov 2007-09-09 07:15:30 UTC

Hi,

+1
Rumen

Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-10-12 18:13:16 UTC

fixed in cvs. Since there has never been any vulnerable *_rc1_* ebuild, i just added an "unaffected <mplayer-1.0" that matches all 1.0_rc1 ebuilds until 1.0.