Summary: | glsa 200605-08 false positives | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Ian Stakenvicius <ian> |
Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | hkmaly, lorand.kelemen, php-bugs |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Ian Stakenvicius
2006-08-25 13:18:46 UTC
php team, is php-4.4.3-r1 patched wrt this, or is it vulnerable? thanks

Should be fixed in cvs, thank you

Fixed for x86, but could you add the unaffected section to alpha/amd64/ia64/ppc64?

Thx for the notification. It's fixed in CVS now.

*** Bug 146231 has been marked as a duplicate of this bug. ***

Reopening, glsa-check still marks 4.4.3-r1 as vulnerable, at least on amd64.

Perhaps glsa-check is not happy with the "more complex than usual" arch section? I can test and provide info if needed.

(In reply to comment #7)
> I can test and provide info if needed.

it's our fault. If we merge:

```xml
<package name="dev-lang/php" auto="yes" arch="arm hppa ppc s390 sh sparc x86 x86-fbsd">
  <unaffected range="ge">FOO</unaffected>
</package>
<package name="dev-lang/php" auto="yes" arch="alpha amd64 ia64 ppc64">
  <unaffected range="rge">FOO</unaffected>
</package>
```

in one single entry:

```xml
<package name="dev-lang/php" auto="yes" arch="*">
  <unaffected range="rge">4.4.3-r1</unaffected>
</package>
```

whereas there are still arch entries elsewhere, glsa-check seems not happy. I've just corrected this in CVS. Please reopen if glsa-check still complains.

Reopening, due to php-4.4.6 getting flagged now (at least on amd64). I'm assuming that this bug doesn't affect 4.4.6 ...

Also GLSAs 200608-28 and 200610-14 I believe are affected by this. Remind me again why slotting the affected/unaffected ranges wouldn't be better than using 'rge's?

I *hope* that I fixed them all (correctly), thanks for reporting this. Note to self: push slotted GLSAs

php-4.4.7 is flagged now ... with four glsa:

```
200605-08 [N] PHP: Multiple vulnerabilities ( dev-lang/php )
200608-28 [N] PHP: Arbitary code execution ( dev-lang/php )
200610-14 [N] PHP: Integer overflow ( dev-lang/php )
200703-21 [N] PHP: Multiple vulnerabilities ( dev-lang/php )

[I--] [ ] dev-lang/php-4.4.7 (4)
[I--] [ ] dev-lang/php-5.2.2-r1 (5)

Portage 2.1.2.2 (default-linux/x86/2007.0/desktop, gcc-3.3.6, glibc-2.3.6-r4, 2.6.14-gentoo-r2 i686)
...
```

Why can't I reopen this bug?

Sigh... Thanks for notifying us. Fixed in CVS. Now I just wish for better range support in glsa-check.
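
Added example, not part of the bug report and not glsa-check's own code: a simplified model of GLSA range matching, showing how a merged `arch="*"` entry with an `rge` bound can leave later releases such as 4.4.6 flagged. It assumes that r-prefixed ranges compare only the revision within the same upstream version; the 5.1.4 bounds and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment in the shape of the merged entry quoted in the thread.
# The ge/lt 5.1.4 bounds are assumed for illustration, not taken from the GLSA.
GLSA_XML = """<affected>
  <package name="dev-lang/php" auto="yes" arch="*">
    <unaffected range="rge">4.4.3-r1</unaffected>
    <unaffected range="ge">5.1.4</unaffected>
    <vulnerable range="lt">5.1.4</vulnerable>
  </package>
</affected>"""

OPS = {
    "lt": lambda a, b: a < b, "le": lambda a, b: a <= b, "eq": lambda a, b: a == b,
    "ge": lambda a, b: a >= b, "gt": lambda a, b: a > b,
}

def parse_version(text):
    """Split '4.4.3-r1' into ((4, 4, 3), 1). Suffixes such as _rc are not handled."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", text.strip())
    if m is None:
        raise ValueError(f"unsupported version: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def in_range(installed, range_op, bound):
    inst_ver, inst_rev = parse_version(installed)
    bound_ver, bound_rev = parse_version(bound)
    if range_op.startswith("r"):
        # Assumed semantics: revision-only range, same upstream version required.
        return inst_ver == bound_ver and OPS[range_op[1:]](inst_rev, bound_rev)
    return OPS[range_op]((inst_ver, inst_rev), (bound_ver, bound_rev))

def is_flagged(installed, arch, glsa_xml=GLSA_XML):
    """Simplified model: flagged if a vulnerable range matches and no unaffected one does."""
    for pkg in ET.fromstring(glsa_xml).iter("package"):
        arches = pkg.get("arch", "*").split()
        if "*" not in arches and arch not in arches:
            continue  # entry does not apply to this architecture
        def hit(tag):
            return any(in_range(installed, e.get("range"), e.text) for e in pkg.iter(tag))
        if hit("vulnerable") and not hit("unaffected"):
            return True
    return False

if __name__ == "__main__":
    for version in ("4.4.3-r1", "4.4.3-r2", "4.4.6", "4.4.7", "5.2.2-r1"):
        print(version, "flagged" if is_flagged(version, "amd64") else "ok")
```

Under this model, every new 4.4.x release needs its own `rge` line (or a slot-aware range) to stop being reported.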