Bug 72917

Summary:	glsa-check confused by GLSA 200411-27
Product:	Gentoo Security	Reporter:	Christian Gut <cycloon>
Component:	GLSA Errors	Assignee:	Gentoo Security <security>
Status:	RESOLVED DUPLICATE
Severity:	normal	CC:	tools-portage
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
Whiteboard:	koon
Package list:		Runtime testing required:	---

Description Christian Gut 2004-11-30 06:08:31 UTC

GLSA 200411-27 states that every version of fcron lower than 2.9.5 is vulnerable:

<vulnerable range="le">2.9.5</vulnerable>

Thats not true, 2.0.2 of the stable branch fixes the problem as well (stated correcly in that glsa)

<unaffected range="rge">2.0.2</unaffected>
<unaffected range="ge">2.9.5.1</unaffected>

That situation causes glsa-check trying to update fcron to 2.9.5.1. I'm not sure that the GLSA is wrong, perhaps its glsa-check.

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2004-11-30 14:09:41 UTC

The GLSA is alright, but you need an updated glsa-check to have it work.
Try the glsa-check in gentookit-0.2.0_pre10-r1 and it should work. Please confirm that this solved your issue so that we can close this bug.

Comment 2 Christian Gut 2004-11-30 14:23:29 UTC

I already tried that, it does not help:


This system is affected by the following GLSA:
200411-27

*  sys-apps/fcron :
        [  I] 2.0.2 (0)
        [M~ ] 2.9.5.1 (0)

*  app-portage/gentoolkit :
        [   ] 0.2.0_pre8 (0)
        [   ] 0.2.0_pre8-r1 (0)
        [M~ ] 0.2.0_pre9 (0)
        [M~ ] 0.2.0_pre10 (0)
        [M I] 0.2.0_pre10-r1 (0)

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2004-12-06 02:55:56 UTC

Looks like the same kind of error as bug 73537.
Rewrote title as the GLSA is correct...

Comment 4 Marius Mauch (RETIRED) gentoo-dev

2004-12-08 02:14:47 UTC


*** This bug has been marked as a duplicate of 68050 ***