Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 500532 - GLSA 201402-08 should list net-misc/stunnel-3* as unaffected
Summary: GLSA 201402-08 should list net-misc/stunnel-3* as unaffected
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-06 16:26 UTC by Ulrich Müller
Modified: 2014-02-06 16:55 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ulrich Müller gentoo-dev 2014-02-06 16:26:55 UTC 
GLSA 201402-08 lists all versions < 4.56-r1 of net-misc/stunnel as vulnerable. However, per https://secunia.com/advisories/52460/ only stunnel 4.x is affected: "This vulnerability is reported in versions 4.21 through 4.54."

I had already pointed this out in bug 460278 comment 18. The vulnerable features don't exist in stunnel-3*.
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-02-06 16:35:33 UTC 
the bug about 4.x branch, so, 3 obviously not affected and should not be listed
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2014-02-06 16:47:45 UTC 
But the GLSA will warn people using stunnel-3.xx, which is not intended behavior. Fixing now.
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2014-02-06 16:55:09 UTC 
Fixed in CVS, thanks for the report.