rge kde-base/kdelibs-3.5.10 (or something similar) needs to be added to unaffected for GLSA 200804-30. glsa-check is showing it as unaffected right now, but I believe that is an error with glsa-check's handling of rge. Other checks show this as vulnerable (as it doesn't match <unaffected range="rge">3.5.9-r3</unaffected> or any other unaffected range).

Reproducible: Always

Steps to Reproduce:
1. look at /usr/portage/metadata/glsa/glsa-200804-30.xml
OR
1. paludis -r

Actual Results:
* kde-base/kdelibs-3.5.10-r2:3.5::installed NOT OK
  This package has following security issues:
  GLSA-200804-30: "KDE start_kdeinit: Multiple vulnerabilities" -> /usr/portage/metadata/glsa/glsa-200804-30.xml

Expected Results:
should show no vulnerable packages
It's because it's not a stable package for now, so maybe paludis is not handling this correctly. Anyway, I added 3.5.10 as unaffected in glsa-200804-30.xml for when it goes stable.
*** Bug 260182 has been marked as a duplicate of this bug. ***
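
The range check discussed in the report, as an added example that is not part of this bug thread and is not glsa-check or paludis code. It assumes the r-prefixed operators (rge and friends) mean "same base version, compare the revision only", uses a simplified version parser (digits, dots and an optional -rN), and assumes a "ge" range for the 3.5.10 entry added in the reply; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed GLSA fragments. Only the rge 3.5.9-r3 entry is quoted in the
# report; the second entry in AFTER models the fix from the reply, and its
# "ge" range is an assumption (the thread does not say which range was used).
BEFORE = """<package name="kde-base/kdelibs">
  <unaffected range="rge">3.5.9-r3</unaffected>
</package>"""
AFTER = """<package name="kde-base/kdelibs">
  <unaffected range="rge">3.5.9-r3</unaffected>
  <unaffected range="ge">3.5.10</unaffected>
</package>"""

def parse_version(text):
    """Split '3.5.10-r2' into ((3, 5, 10), 2). Simplified: digits and dots only."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", text.strip())
    if m is None:
        raise ValueError(f"unsupported version: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def in_range(op, installed, bound):
    """Return True if the installed version satisfies '<op> bound'."""
    inst, ref = parse_version(installed), parse_version(bound)
    if op.startswith("r"):
        # Assumed meaning of rlt/rle/rgt/rge: the base version must be
        # identical, and only the -rN revision is compared.
        if inst[0] != ref[0]:
            return False
        op, inst, ref = op[1:], inst[1], ref[1]
    checks = {"lt": inst < ref, "le": inst <= ref, "eq": inst == ref,
              "ge": inst >= ref, "gt": inst > ref}
    if op not in checks:
        raise ValueError(f"unknown range operator: {op!r}")
    return checks[op]

def is_unaffected(fragment, installed):
    """True if any <unaffected> entry in the fragment covers the installed version."""
    root = ET.fromstring(fragment)
    return any(in_range(e.get("range"), installed, e.text)
               for e in root.iter("unaffected"))

if __name__ == "__main__":
    for version in ("3.5.9-r2", "3.5.9-r3", "3.5.9-r4", "3.5.10-r2"):
        print(version, is_unaffected(BEFORE, version), is_unaffected(AFTER, version))
```

Under these assumptions 3.5.10-r2 falls outside the rge 3.5.9-r3 entry because its base version differs, and is covered only once a separate entry for 3.5.10 exists.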