From GLSA 201110-01: ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.0e >= 1.0.0e Perhaps you meant to indicate that the GLSA only applies to the 1.0 slot, or perhaps we should be masking 0.9. It appears the same issue exists with the xml file, which means glsa-check will return false positives. Reproducible: Always
Fixed in CVS.