
Bug 198053

Summary: GLSA 200710-12 applies to stable media-libs/t1lib
Product: Gentoo Security
Reporter: Richard Freeman <rich0>
Component: GLSA Errors
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
CC: fonts
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: jaervosz
Package list:
Runtime testing required: ---

Description Richard Freeman gentoo-dev 2007-11-04 13:33:25 UTC
GLSA 200710-12 is listed as applying to media-libs/t1lib < 5.0.2-r1.

However, version 1.3.1 is still in portage and has numerous dependencies.

If it is vulnerable then it needs to be fixed.  If it is not vulnerable then the GLSA should be patched so that it doesn't come up as a false alarm.

Do we need to add to the glsa?:
<unaffected range="lt">5.0</unaffected>


Reproducible: Always
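The range mechanics the description is asking about, shown as an added example (not code from this bug and not Gentoo's own glsa-check): a minimal checker that parses GLSA-style vulnerable/unaffected elements and applies the usual rule that an installed version is flagged when it matches a vulnerable range and no unaffected range. The two XML fragments are constructed from the range quoted in the bug (the real GLSA pairs "unaffected ge X" with "vulnerable lt X"); the version comparator is a simplified stand-in for Portage's that only understands numeric components, an optional trailing letter and a -rN revision; and the function names are my own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment in the GLSA XML layout, using the boundary quoted in the bug.
GLSA_AS_PUBLISHED = """<glsa id="200710-12">
  <affected>
    <package name="media-libs/t1lib" auto="yes" arch="*">
      <unaffected range="ge">5.0.2-r1</unaffected>
      <vulnerable range="lt">5.0.2-r1</vulnerable>
    </package>
  </affected>
</glsa>"""

# Same fragment with the extra unaffected range the description proposes.
GLSA_WITH_PROPOSED_RANGE = GLSA_AS_PUBLISHED.replace(
    '<vulnerable range="lt">',
    '<unaffected range="lt">5.0</unaffected>\n      <vulnerable range="lt">',
)


def parse_version(v):
    """Simplified Gentoo version parser (assumption: N(.N)*[a-z]?(-rN)? only)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z])?(?:-r(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version syntax: {v}")
    numbers = tuple(int(x) for x in m.group(1).split("."))
    letter = m.group(2) or ""
    revision = int(m.group(3) or 0)
    return numbers, letter, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 like a classic cmp(). A shorter numeric tuple sorts
    lower (5.0 < 5.0.0); a letter suffix sorts above no letter; -rN last."""
    ka, kb = parse_version(a), parse_version(b)
    return (ka > kb) - (ka < kb)


# GLSA range keywords mapped onto the comparison result against the boundary.
RANGE_OPS = {
    "lt": lambda c: c < 0,
    "le": lambda c: c <= 0,
    "eq": lambda c: c == 0,
    "ge": lambda c: c >= 0,
    "gt": lambda c: c > 0,
}


def matches_range(installed, range_kind, boundary):
    return RANGE_OPS[range_kind](compare_versions(installed, boundary))


def is_affected(glsa_xml, atom, installed):
    """True when the installed version of `atom` matches at least one
    vulnerable range and none of the unaffected ranges."""
    root = ET.fromstring(glsa_xml)
    for pkg in root.iter("package"):
        if pkg.get("name") != atom:
            continue
        vulnerable = any(
            matches_range(installed, e.get("range"), e.text.strip())
            for e in pkg.findall("vulnerable")
        )
        unaffected = any(
            matches_range(installed, e.get("range"), e.text.strip())
            for e in pkg.findall("unaffected")
        )
        if vulnerable and not unaffected:
            return True
    return False


if __name__ == "__main__":
    docs = (("as published", GLSA_AS_PUBLISHED),
            ("with lt 5.0 unaffected", GLSA_WITH_PROPOSED_RANGE))
    for label, doc in docs:
        for v in ("1.3.1", "5.0.1", "5.0.2-r1"):
            state = "AFFECTED" if is_affected(doc, "media-libs/t1lib", v) else "not affected"
            print(f"{label:24} t1lib-{v:9} {state}")
```

Running it shows why the description saw a "false alarm": with only "vulnerable lt 5.0.2-r1", t1lib-1.3.1 is flagged; adding "unaffected lt 5.0" silences that flag while 5.0.1 stays flagged. Whether silencing it is right depends entirely on whether the 1.x branch shares the vulnerable code, which is the question Comment 1 puts to the fonts team.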
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-11-05 08:03:10 UTC
fonts, please advise whether 1.3.1 is affected?
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-11-07 20:13:18 UTC
The same code is present in t1lib-1.3.1. Do we have anything depending on the old version?
Comment 3 Ryan Hill (RETIRED) gentoo-dev 2007-11-08 04:34:48 UTC
No, it doesn't look like it.  I've masked it for removal.

dirtyepic@tycho ~ $ qgrep -N t1lib-1
app-misc/gfontview-0.5.0-r6:DEPEND=">=media-libs/t1lib-1.0.1
app-text/xdvik-22.40y-r2:DEPEND=">=media-libs/t1lib-1.3
media-gfx/swftools-0.7.0:DEPEND=">=media-libs/t1lib-1.3.1
media-gfx/swftools-0.8.0:DEPEND=">=media-libs/t1lib-1.3.1
media-gfx/swftools-0.8.1:DEPEND=">=media-libs/t1lib-1.3.1
media-libs/t1lib-1.3.1:# $Header: /var/cvsroot/gentoo-x86/media-libs/t1lib/t1lib-1.3.1.ebuild,v 1.29 2007/01/05 08:35:17 flameeyes Exp $
sci-visualization/grace-5.1.20: >=media-libs/t1lib-1.3.1
sci-visualization/grace-5.1.21: >=media-libs/t1lib-1.3.1
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-11-08 06:43:02 UTC
Thanks Ryan and Richard.

I'll close this one as INVALID since we don't have a policy regarding older vulnerable versions in the tree.