I upgraded OpenSSL from 0.9.8y to 0.9.8z_p1-r1, and glsa-check reports the system as affected by: 201110-01 201312-03 201203-12 201404-07 I wonder whether there might be a problem with the version string? Reproducible: Always Steps to Reproduce: 1. emerge openssl to version 0.9.8z_p1-r1 2. run glsa-check Actual Results: This system is affected by the following GLSAs: 201110-01 201312-03 201203-12 201404-07 Expected Results: No GLSAs
(In reply to Romain Riviere from comment #0) > I upgraded OpenSSL from 0.9.8y to 0.9.8z_p1-r1, and glsa-check reports the > system as affected by: > 201110-01 > 201312-03 > 201203-12 > 201404-07 > I wonder whether there might be a problem with the version string? Thanks for the report and list of affected GLSAs. Sadly this is a limitation of the current GLSA format that does not allow proper handling of slotting, so older slots require explicit "not affected" specification. As this is a new package release (and indeed in a version string that has not previously been defined), the older GLSAs needs to be updated.
This issue was fixed on 2014-07-07.