143989 – glsa-check tries to merge incorrect php versions

Bug 143989 - glsa-check tries to merge incorrect php versions

Summary: glsa-check tries to merge incorrect php versions

Status:	RESOLVED DUPLICATE of bug 106677

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	GLSA Errors (show other bugs)
Hardware:	All Other

Importance:	High normal
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-08-15 04:22 UTC by Torne Wuff
Modified:	2006-08-18 06:33 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Torne Wuff 2006-08-15 04:22:29 UTC

I have dev-lang/php versions 4.4.3-r1 and 5.1.4-r6 installed. glsa-check insists that I am vulnerable to 200605-08, though this should not be the case.

glsa-check -p 200605-08 reports:
The following updates will be performed for this GLSA:
     dev-lang/php-5.1.4 (4.4.3-r1)
     dev-lang/php-5.1.4-r4 (4.4.3-r1)

and if I run glsa-check -f 200605-08 it attempts to merge php-5.1.4.

It looks like it's not correctly interpreting the slotting - it didn't report me as vulnerable when I had php-4.4.2-r6 installed (which is also not vulnerable), so I believe the version conditions in the GLSA are confusing it somehow.

Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-08-16 01:50:38 UTC

Unfortunately that's an old known problem. :(

*** This bug has been marked as a duplicate of 106677 ***

Comment 2 Ian Stakenvicius 2006-08-18 06:33:32 UTC

I posted a recommendation to fix the GLSA listing itself in bug 133524 -- from what i can tell, the listing just needs to have lower-bounds on each affected SLOT..