+++ This bug was initially created as a clone of Bug #379859 +++ Today, glsa-check reports that my system would be affected by a vulnerability in net-misc/stunnel-3.26. However, the upstream bug clearly states that only versions 4.40 and 4.41 are affected, so it is a false positive. Could the GLSA be fixed please, such that stunnel-3* is excepted from the list of vulnerable versions? (In fact, it looks like there never was any vulnerable version of stunnel in the Portage tree. It was updated from 4.36 to 4.44 immediately.)
Ping (after three months).
Sorry for the delay; there was an issue bringing the GLSA back up in GLSAMaker for editing. I have committed GLSA 201202-08:2 which adds <net-misc/stunnel-4 as unaffected: http://www.gentoo.org/security/en/glsa/glsa-201202-08.xml No errata to be published: Error in affected/unaffected versions number, but people using stable packages and applying GLSA instructions are protected anyway