Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 578218 - GLSA 201603-15: too high version number given for affected packages
Summary: GLSA 201603-15: too high version number given for affected packages
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-25 14:01 UTC by Rolf Eike Beer
Modified: 2016-03-25 16:24 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Rolf Eike Beer archtester 2016-03-25 14:01:30 UTC 
<unaffected range="ge">1.0.2g-r2</unaffected>
      <vulnerable range="lt">1.0.2g-r2</vulnerable>

This is not correct, versions 1.0.2g and 1.0.2g-r1 are not affected, too. This now annoys everyone who did a quick fix with a (local) overlay. I now run a local overlay that has ssl2 entirely disabled.

Reproducible: Always
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2016-03-25 16:24:58 UTC 
Both ebuilds for -r0 and -r1 expose technical defects. Suggesting users to use those is not a good option.