Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 546430 - glsa-check gives false alarm GLSA 201408-11 for dev-lang/php-5.4.39
Summary: glsa-check gives false alarm GLSA 201408-11 for dev-lang/php-5.4.39
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-13 10:29 UTC by Hanno Böck
Modified: 2016-07-01 06:50 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2015-04-13 10:29:13 UTC 
Checking GLSA 201408-11
>>> No upgrade path exists for these packages:
     dev-lang/php-5.4.39

The given GLSA is for PHP 5.4 versions below 5.4.32, so this is a false alarm.
Comment 1 Tomáš Mózes 2015-04-13 16:45:05 UTC 
Reported and closed as invalid:
https://bugs.gentoo.org/show_bug.cgi?id=545286
Comment 2 Timo Eissler 2015-07-11 13:49:46 UTC 
I have nearly the same issue with php 5.4.41 for the 5.4 slot.
All my php packages are up2date but the following GLSA are listed as affected.


# equery l php
 * Searching for php ...
[IP-] [  ] dev-lang/php-5.4.41:5.4
[IP-] [  ] dev-lang/php-5.5.26:5.5
[IP-] [  ] dev-lang/php-5.6.10:5.6
# glsa-check -l affected
[A] means this GLSA was marked as applied (injected),
[U] means the system is not affected and
[N] indicates that the system might be affected.



201408-11 [N] PHP: Multiple vulnerabilities ( dev-lang/php )
201411-04 [N] PHP: Multiple vulnerabilities ( dev-lang/php )
201503-03 [N] PHP: Multiple vulnerabilities ( dev-lang/php )



# emerge --info
Portage 2.2.20 (python 2.7.9-final-0, default/linux/amd64/13.0, gcc-4.7.3, glibc-2.20-r2, 3.18.11-gentoo_20150422-1 x86_64)
=================================================================
System uname: Linux-3.18.11-gentoo_20150422-1-x86_64-Intel-R-_Xeon-R-_CPU_E3-1246_v3_@_3.50GHz-with-gentoo-2.2
KiB Mem:    16495068 total,   1759624 free
KiB Swap:    8388604 total,   7768288 free
Timestamp of repository gentoo: Sat, 11 Jul 2015 11:45:01 +0000
sh bash 4.3_p33-r2
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.3_p33-r2::gentoo
dev-java/java-config:     2.2.0::gentoo
dev-lang/perl:            5.20.2::gentoo
dev-lang/python:          2.7.9-r1::gentoo, 3.3.5-r1::gentoo, 3.4.1::gentoo
dev-util/cmake:           3.2.2::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.17::gentoo
sys-apps/sandbox:         2.6-r1::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.11.6-r1::gentoo, 1.12.6::gentoo, 1.13.4::gentoo, 1.14.1::gentoo
sys-devel/binutils:       2.24-r3::gentoo
sys-devel/gcc:            4.5.4::gentoo, 4.6.3::gentoo, 4.7.3-r1::gentoo, 4.8.4::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 3.18::gentoo (virtual/os-headers)
sys-libs/glibc:           2.20-r2::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.de.gentoo.org/gentoo-portage
    priority: -1000

morlix-gentoo-overlay
    location: /usr/local/portage
    sync-type: git
    sync-uri: ssh://teissler@morlixsrv1.dyndns.org/srv/git/gentoo-overlay.git
    masters: gentoo

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/fax /usr/share/gnupg/qualified.txt /var/spool/fax/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/apache2-php5.5/ext-active/ /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-march=native -O2 -pipe"
FEATURES="assume-digests binpkg-logs ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-march=native -O2 -pipe"
GENTOO_MIRRORS="ftp://de-mirror.org/distro/gentoo/ rsync://de-mirror.org/gentoo/ http://mirror.netcologne.de/gentoo/ ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ rsync://ftp.halifax.rwth-aachen.de/gentoo/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ rsync://ftp-stud.hs-esslingen.de/gentoo/"
LANG="de_DE.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
USE="acl amd64 apache2 berkdb bzip2 caps clamav cli cracklib crypt cryptsetup cxx device-mapper dri fam fortran gdbm gnutls gzip iconv ipv6 ldap lm_sensors lzma maildir mmx mmxext modules multilib mysql ncurses nls nptl openmp pam pcre posix quota readline session sse sse2 ssl ssse3 syslog tcpd udev unicode vim-syntax zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias auth_digest version" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2016-07-01 06:50:47 UTC 
The PHP 5.4 branch is gone from the tree, which would alleviate this.  Please reopen if there are additional false positives.