Bug 515496 - openssl-0.9.8z_p1-r1 should not trigger GLSAs
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Reported: 2014-06-27 10:44 UTC by Romain Riviere
Modified: 2014-07-16 12:00 UTC
Description Romain Riviere 2014-06-27 10:44:47 UTC
I upgraded OpenSSL from 0.9.8y to 0.9.8z_p1-r1, and glsa-check reports the system as affected by:
201110-01
201312-03
201203-12
201404-07
I wonder whether there might be a problem with the version string?

Reproducible: Always

Steps to Reproduce:
1. emerge openssl to version 0.9.8z_p1-r1
2. run glsa-check
Actual Results:  
This system is affected by the following GLSAs:
201110-01
201312-03
201203-12
201404-07


Expected Results:  
No GLSAs
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-06-27 10:48:59 UTC
(In reply to Romain Riviere from comment #0)
> I upgraded OpenSSL from 0.9.8y to 0.9.8z_p1-r1, and glsa-check reports the
> system as affected by:
> 201110-01
> 201312-03
> 201203-12
> 201404-07
> I wonder whether there might be a problem with the version string?

Thanks for the report and list of affected GLSAs. Sadly this is a limitation of the current GLSA format that does not allow proper handling of slotting, so older slots require explicit "not affected" specification. As this is a new package release (and indeed in a version string that has not previously been defined), the older GLSAs need to be updated.
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-07-16 12:00:12 UTC
This issue was fixed on 2014-07-07.
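
The behaviour described in comment 1, as an added example that is not part of the original bug report or of glsa-check itself: a simplified model of how an advisory's vulnerable and unaffected version ranges are evaluated, showing why a new release in an older slot is flagged until it gets its own "not affected" entry. The advisory entries, the names parse, matches, affected, GLSA and UPDATED, and the reduced version grammar are assumptions made for illustration; "rge" is modelled as a revision-only comparison within one upstream version.

```python
import re

# Simplified Gentoo version syntax: dotted numbers, optional letter,
# optional _pN suffix, optional -rN revision (enough for the versions here).
_VER = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:_p(\d+))?(?:-r(\d+))?$")

def parse(version):
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unsupported version string: {version}")
    nums, letter, patch, rev = m.groups()
    base = (tuple(int(n) for n in nums.split(".")), letter,
            int(patch) if patch is not None else -1)
    return base, int(rev or 0)

def matches(installed, op, ref):
    (ibase, irev), (rbase, rrev) = parse(installed), parse(ref)
    if op.startswith("r"):
        # rge/rgt/rle/rlt: only the same upstream version, compare revisions
        if ibase != rbase:
            return False
        a, b, op = irev, rrev, op[1:]
    else:
        a, b = (ibase, irev), (rbase, rrev)
    return {"lt": a < b, "le": a <= b, "eq": a == b,
            "ge": a >= b, "gt": a > b}[op]

def affected(installed, glsa):
    # Flagged when a vulnerable range matches and no unaffected range does.
    vulnerable = any(matches(installed, op, v) for op, v in glsa["vulnerable"])
    unaffected = any(matches(installed, op, v) for op, v in glsa["unaffected"])
    return vulnerable and not unaffected

# Constructed advisory entry (not copied from any real GLSA).
GLSA = {"vulnerable": [("lt", "1.0.1g")],
        "unaffected": [("ge", "1.0.1g"), ("rge", "0.9.8y")]}
# Same entry with a constructed explicit "not affected" range for the new release.
UPDATED = {**GLSA, "unaffected": GLSA["unaffected"] + [("rge", "0.9.8z_p1")]}

if __name__ == "__main__":
    for version in ("0.9.8y", "0.9.8z_p1-r1", "1.0.1f", "1.0.1g"):
        print(version, affected(version, GLSA), affected(version, UPDATED))
```

In this model 0.9.8y is exempt only because the entry names it explicitly, so 0.9.8z_p1-r1 falls through to the "lt" range of the newer slot and is reported until the entry is updated.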