Bug 255116 - dev-java/sun-jdk-1.5.0.17 should be unaffected by glsa 200804-20
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-16 00:31 UTC by Ben Kohler
Modified: 2010-01-05 20:29 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
fix GLSA-200701-15, GLSA-200702-07, GLSA-200705-23 and GLSA-200804-20 for dev-java/sun-jdk-1.4.2.19 and dev-java/sun-jdk-1.5.0.17 (java_glsa.patch,4.06 KB, patch)
2009-02-06 23:09 UTC, Robert A.
Description Ben Kohler gentoo-dev 2009-01-16 00:31:38 UTC
rge dev-java/sun-jdk-1.5.0.17 needs to be added to unaffected for glsa 200804-20

Now, sadly a problem with glsa-check's handling of rge is actually *showing* unaffected right now, but paludis (which handles it correctly) shows affected.  And if we get glsa-check fixed, it would too.

Reproducible: Always

Steps to Reproduce:
1.  paludis -i =dev-java/sun-jdk-1.5.0.17
2.  paludis -r

Actual Results:  
* dev-java/sun-jdk-1.5.0.17::installed NOT OK
    This package has following security issues:
    GLSA-200804-20: "Sun JDK/JRE: Multiple vulnerabilities"
        -> /var/paludis/repositories/portage/metadata/glsa/glsa-200804-20.xml


Expected Results:  
unaffected
Comment 1 Robert A. 2009-02-06 23:02:59 UTC
dev-java/sun-jdk-1.4.2.19 should not be affected by GLSA-200701-15, GLSA-200702-07, GLSA-200705-23 or GLSA-200804-20 either
Comment 2 Robert A. 2009-02-06 23:09:33 UTC
Created attachment 181201
fix GLSA-200701-15, GLSA-200702-07, GLSA-200705-23 and GLSA-200804-20 for dev-java/sun-jdk-1.4.2.19 and dev-java/sun-jdk-1.5.0.17
Comment 3 Robert A. 2009-02-18 11:55:46 UTC

@security-team:
can anyone please post the current state of this issue? tia
Comment 4 Robert A. 2009-05-14 20:25:41 UTC
this bug is open and (from my point of view) untouched for 4 months. is there a reason the 4 related xml files are not updated yet?
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-05-26 15:11:20 UTC
(In reply to comment #4)
> this bug is open and (from my point of view) untouched for 4 months. is there a
> reason the 4 related xml files are not updated yet?
> 

Yes, there is. The current tool we use to write/edit glsas doesn't handle that many <unaffected> tags. We're working on a complete rewrite of that tool, and on an update of the glsa DTD which will include package slots support.

Please see http://thread.gmane.org/gmane.linux.gentoo.devel/61595/focus=61598 and http://thread.gmane.org/gmane.linux.gentoo.devel/60988/focus=61576 for further details.

Comment 6 Robert A. 2009-05-29 09:43:51 UTC
(In reply to comment #5)
> Yes, there is. The current tool we use to write/edit glsas doesn't handle that
> many <unaffected> tags. We're working on a complete rewrite of that tool, and
> on an update of the glsa DTD which will include package slots support.

Great, thanks for the clarification!

Comment 7 Ben Kohler gentoo-dev 2010-01-05 20:29:49 UTC
Closing this, versions affected by this are long gone from portage.