Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 263868

Summary: kde-base/kdelibs-3.5.10-r2 should be unaffected by glsa-200804-30
Product: Gentoo Security Reporter: Ben Kohler <bkohler>
Component: GLSA ErrorsAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: boris-gentoobugzilla
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Ben Kohler gentoo-dev 2009-03-26 16:12:19 UTC
rge kde-base/kdelibs-3.5.10 (or something similar) needs to be added to unaffected for glsa 200804-30.

glsa-check is showing it as unaffected right now, but I believe that is an error with glsa-check's handling of rge.  other checks show this as vulnerable (as it doesnt match <unaffected range="rge">3.5.9-r3</unaffected> or any other unaffected range)


Reproducible: Always

Steps to Reproduce:
1.  look at /usr/portage/metadata/glsa/glsa-200804-30.xml

OR

1.  paludis -r

Actual Results:  
* kde-base/kdelibs-3.5.10-r2:3.5::installed NOT OK
    This package has following security issues:
    GLSA-200804-30: "KDE start_kdeinit: Multiple vulnerabilities"
        -> /usr/portage/metadata/glsa/glsa-200804-30.xml


Expected Results:  
should show no vulnerable packages
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-04-08 11:45:20 UTC
It's because it's not a stable package for now, so maybe paludis is not handling this correctly. Anyway, I added 3.5.10 as unaffected in glsa-200804-30.xml for when it goes stable.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-05-28 16:57:22 UTC
*** Bug 260182 has been marked as a duplicate of this bug. ***