| Summary: | glsa-check incorrectly detects the system is affected by GLSA 201401-04 | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kirill Elagin <kirelagin> |
| Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | andrzej.pauli, avittecoq, ercpe, kirelagin, klausman, randalla, whissi |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Kirill Elagin
2014-01-06 23:34:45 UTC
Ok, I just thought this might have something to do with the fact that those ebuilds are not present in the tree, but, well, then this behaviour of `glsa-check` seems weird to me. And I couldn't find any mentions of this in documentation or forums or bugs. $ equery list python
* Searching for python ...
[IP-] [ ] dev-lang/python-2.7.6:2.7
[IP-] [ ] dev-lang/python-3.2.5-r3:3.2
[IP-] [ ] dev-lang/python-3.3.3:3.3
$ glsa-check -l affected
[...]
201401-04 [N] Python: Multiple vulnerabilities ( dev-lang/python )
$
I also noticed this:
# glsa-check --pretend affected
Checking GLSA 201401-04
>>> No upgrade path exists for these packages:
dev-lang/python-2.7.6
glsa-check is working as intended, it's oblivious to slots and the advisory is not working around that fact properly. This is basically a dupe of bug 106677, I'll dupe it once a fixed advisory is in the tree. *** Bug 497426 has been marked as a duplicate of this bug. *** I added the additional versions that are unaffected, too. The fixed advisory is committed and should show up in the next 30 minutes. Please reopen if you still get this issue then. *** This bug has been marked as a duplicate of bug 106677 *** |
