550562 – dev-lang/php-5.4.41 - reported as vulnerable by 201408-11, 201411-04, 201503-03

Bug 550562 - dev-lang/php-5.4.41 - reported as vulnerable by 201408-11, 201411-04, 201503-03

Summary: dev-lang/php-5.4.41 - reported as vulnerable by 201408-11, 201411-04, 201503-03

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-05-27 14:31 UTC by Tomáš Mózes
Modified:	2015-08-22 22:39 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tomáš Mózes 2015-05-27 14:31:39 UTC

201408-11 [N] [remote  ] PHP: Multiple vulnerabilities ( dev-lang/php-5.4.41 )
201411-04 [N] [remote  ] PHP: Multiple vulnerabilities ( dev-lang/php-5.4.41 )
201503-03 [N] [remote  ] PHP: Multiple vulnerabilities ( dev-lang/php-5.4.41 )

Can this be fixed please?

Comment 1 Richard H. 2015-07-10 08:47:51 UTC

Not intending to bump, bit it's still active as of today. Are those GLSA's affecting 5.4.41? If so, will there be a fix? If not, can this be fixed?

Thank you very much in advance!

Comment 2 Tobias Heinlein (RETIRED) gentoo-dev

2015-08-22 22:39:52 UTC

Sorry for not fixing this faster.

These false positives arise due to a limitation of the current GLSA format: We can't properly supply information about SLOTs in GLSAs and have to explicitly enumerate older versions to make glsa-check recognize them as unaffected. I have just added PHP versions up to 5.4.46 (which doesn't exist yet) to the mentioned GLSAs to work around this issue.