$ glsa-check -p 201206-15
Checking GLSA 201206-15
>>> No upgrade path exists for these packages:
    media-libs/libpng-1.2.51
Presumably, the list of unaffected versions needs an update.
1.2.51 is not vulnerable, neither is 1.5.18. Both of which are going stable from bug 503014. GLSA is broken.
Don't know how specific the GLSA needs to be, but...
    emerge --oneshot --noreplace '>=media-libs/libpng-1.2.51:1.2'
    emerge --oneshot --noreplace '>=media-libs/libpng-1.5.18:1.5'
    emerge --oneshot --noreplace '>=media-libs/libpng-1.6.10:0'
Currently the GLSA says:
    Vulnerable: <1.5.10
    Unaffected: >=1.5.10, >=~1.2.49, >=~1.2.50
So looks like it needs to be updated for 1.2* only.
Vulnerable ones: < 1.5.10:0, < 1.5.10:1.5, <1.2.49:1.2
Unvulnerable ones: >=1.5.10:0, >=1.5.10:1.5, >=1.2.49:1.2
First one should be... "all users are recommended to upgrade to latest"... albeit it will pull in 1.6 nowadays, but that's irrelevant, so:
    emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.10:0"
second... "all slot 1.5 users should..."
    emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.10:1.5"
third... "all 1.2 slot users should..."
    emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.49:1.2"
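The false positive discussed in the comments above can be reproduced with a small model of GLSA range matching; this is an added example, not part of the thread and not Portage's own code. It assumes plain dotted versions with an optional -rN revision, treats ">=~" as a revision-only match on the same base version, and takes the slot-qualified ranges as written in the comment above; the 1.2.46 and 1.2.49-r1 installs are constructed test values.

```python
import re

OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def parse(ver):
    """'3.9.7-r1' -> ((3, 9, 7), 1); a missing revision counts as r0."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", ver)
    if m is None:
        raise ValueError(f"version not supported by this simplified model: {ver}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def matches(rng, version, slot):
    """rng is OP[~]VERSION[:SLOT], e.g. '<1.5.10', '>=~1.2.49', '>=1.2.49:1.2'."""
    m = re.fullmatch(r"\s*(<=|>=|<|>)\s*(~?)\s*([^:\s]+)(?::(\S+))?\s*", rng)
    if m is None:
        raise ValueError(f"bad range: {rng}")
    op, rev_only, want, want_slot = m.groups()
    if want_slot is not None and want_slot != slot:
        return False                      # range is pinned to another slot
    have, want = parse(version), parse(want)
    if rev_only:                          # '~': same base version, compare -rN only
        return have[0] == want[0] and OPS[op](have[1], want[1])
    return OPS[op](have, want)

def affected(version, slot, vulnerable, unaffected):
    """Flag a package that hits a vulnerable range and no unaffected range."""
    if any(matches(r, version, slot) for r in unaffected):
        return False
    return any(matches(r, version, slot) for r in vulnerable)

# Ranges quoted in the thread: the GLSA as it stood, and the per-slot proposal.
OLD_VULN, OLD_UNAFF = ["<1.5.10"], [">=1.5.10", ">=~1.2.49", ">=~1.2.50"]
NEW_VULN = ["< 1.5.10:0", "< 1.5.10:1.5", "<1.2.49:1.2"]
NEW_UNAFF = [">=1.5.10:0", ">=1.5.10:1.5", ">=1.2.49:1.2"]

# (version, slot): 1.2.51 and 1.6.10 are from the thread, the rest constructed.
INSTALLED = [("1.2.51", "1.2"), ("1.6.10", "0"), ("1.2.46", "1.2"), ("1.2.49-r1", "1.2")]

def report():
    """Return (version, slot, flagged by old ranges, flagged by per-slot ranges)."""
    return [(v, s, affected(v, s, OLD_VULN, OLD_UNAFF),
             affected(v, s, NEW_VULN, NEW_UNAFF)) for v, s in INSTALLED]

if __name__ == "__main__":
    for row in report():
        print("libpng-%s:%s old=%s new=%s" % row)
```

With the old ranges, 1.2.51 is below 1.5.10 and matches neither revision-only exception, so it is flagged; the per-slot ranges clear it while still flagging the genuinely old 1.2.46.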
Same here, and some more wrong GLSAs
    glsa-check -t all
    This system is affected by the following GLSAs:
    201209-02
    201206-15
    201010-01
    glsa-check -p 201209-02
    Checking GLSA 201209-02
    >>> No upgrade path exists for these packages:
        media-libs/tiff-3.9.7-r1
    glsa-check -p 201206-15
    Checking GLSA 201206-15
    >>> No upgrade path exists for these packages:
        media-libs/libpng-1.2.51
    glsa-check -p 201010-01
    Checking GLSA 201010-01
    >>> No upgrade path exists for these packages:
        media-libs/libpng-1.2.51
    eix -Ic libpng
    [I] media-libs/libpng (1.2.51(1.2)@11.04.2014 1.6.10@11.04.2014): Portable Network Graphics library
    eix -Ic tiff
    [I] media-libs/tiff (3.9.7-r1(3)@08.04.2014 4.0.3-r6@23.03.2014): Tag Image File Format (TIFF) library
The latest packages for all slots are already installed. Also all are marked as stable.
GLSA is still broken and reports wrong positives... Does no one really have any interest in resolving these errors?
Created attachment 378064
Update to glsa
This got rid of the (false) glsa warning on my setup
Thanks guys, fixes committed
@David Flogeras & Sergey Popov
Thank you very much for fixing this nasty bug!
    glsa-check -t all
    This system is not affected by any of the listed GLSAs