GLSA 200905-05 lists versions less than 2.3.9-r1 as vulnerable, but version 1.4_pre20080316-r1 remains in-tree in a different slot. I have no idea if this verison is vulnerable or not - I'm guessing it isn't and this is just a GLSA error. However, either the xml should be fixed or the vulnerable package should be updated (and the xml fixed). Reproducible: Always
revision 1.2 date: 2009-05-25 22:33:15 +0200; author: a3li; state: Exp; lines: +2 -1; commitid: 6af34a1b003b4567; GLSA 200905-05: Mark <2.0 as unaffected, bug 271194. Done, thanks.