| Summary: | glsa-check tries to merge incorrect php versions | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Torne Wuff <torne-gentoozilla> |
| Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Other | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Unfortunately that's an old known problem. :( *** This bug has been marked as a duplicate of 106677 *** I posted a recommendation to fix the GLSA listing itself in bug 133524 -- from what i can tell, the listing just needs to have lower-bounds on each affected SLOT.. |
I have dev-lang/php versions 4.4.3-r1 and 5.1.4-r6 installed. glsa-check insists that I am vulnerable to 200605-08, though this should not be the case. glsa-check -p 200605-08 reports: The following updates will be performed for this GLSA: dev-lang/php-5.1.4 (4.4.3-r1) dev-lang/php-5.1.4-r4 (4.4.3-r1) and if I run glsa-check -f 200605-08 it attempts to merge php-5.1.4. It looks like it's not correctly interpreting the slotting - it didn't report me as vulnerable when I had php-4.4.2-r6 installed (which is also not vulnerable), so I believe the version conditions in the GLSA are confusing it somehow.