rge dev-java/sun-jdk-1.5.0.17 needs to be added to unaffected for glsa 200804-20

Now, sadly a problem with glsa-check's handling of rge is actually *showing* unaffected right now, but paludis (which handles it correctly) shows affected. And if we get glsa-check fixed, it would too.

Reproducible: Always

Steps to Reproduce:
1. paludis -i =dev-java/sun-jdk-1.5.0.17
2. paludis -r

Actual Results:
* dev-java/sun-jdk-1.5.0.17::installed NOT OK
  This package has following security issues:
  GLSA-200804-20: "Sun JDK/JRE: Multiple vulnerabilities" -> /var/paludis/repositories/portage/metadata/glsa/glsa-200804-20.xml

Expected Results:
unaffected
dev-java/sun-jdk-1.4.2.19 should not be affected by GLSA-200701-15, GLSA-200702-07, GLSA-200705-23 or GLSA-200804-20 either
Created attachment 181201
fix GLSA-200701-15, GLSA-200702-07, GLSA-200705-23 and GLSA-200804-20 for dev-java/sun-jdk-1.4.2.19 and dev-java/sun-jdk-1.5.0.17
@security-team: can anyone please post the current state of this issue? tia
this bug is open and (from my point of view) untouched for 4 months. is there a reason the 4 related xml files are not updated yet?
(In reply to comment #4)
> this bug is open and (from my point of view) untouched for 4 months. is there a
> reason the 4 related xml files are not updated yet?

Yes, there is. The current tool we use to write/edit glsas doesn't handle that many <unaffected> tags. We're working on a complete rewrite of that tool, and on an update of the glsa DTD which will include package slots support. Please see http://thread.gmane.org/gmane.linux.gentoo.devel/61595/focus=61598 and http://thread.gmane.org/gmane.linux.gentoo.devel/60988/focus=61576 for further details.
(In reply to comment #5)
> Yes, there is. The current tool we use to write/edit glsas doesn't handle that
> many <unaffected> tags. We're working on a complete rewrite of that tool, and
> on an update of the glsa DTD which will include package slots support.

Great, thanks for the clarification!
Closing this, versions affected by this are long gone from portage.