| Summary: | GLSA 201603-15: too high version number given for affected packages | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Rolf Eike Beer <eike> |
| Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Both ebuilds for -r0 and -r1 expose technical defects. Suggesting users to use those is not a good option. |
<unaffected range="ge">1.0.2g-r2</unaffected> <vulnerable range="lt">1.0.2g-r2</vulnerable> This is not correct, versions 1.0.2g and 1.0.2g-r1 are not affected, too. This now annoys everyone who did a quick fix with a (local) overlay. I now run a local overlay that has ssl2 entirely disabled. Reproducible: Always