Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 263868 - kde-base/kdelibs-3.5.10-r2 should be unaffected by glsa-200804-30
Summary: kde-base/kdelibs-3.5.10-r2 should be unaffected by glsa-200804-30
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
: 260182 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-03-26 16:12 UTC by Ben Kohler
Modified: 2009-05-28 16:57 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ben Kohler gentoo-dev 2009-03-26 16:12:19 UTC
rge kde-base/kdelibs-3.5.10 (or something similar) needs to be added to unaffected for glsa 200804-30.

glsa-check is showing it as unaffected right now, but I believe that is an error with glsa-check's handling of rge.  other checks show this as vulnerable (as it doesnt match <unaffected range="rge">3.5.9-r3</unaffected> or any other unaffected range)


Reproducible: Always

Steps to Reproduce:
1.  look at /usr/portage/metadata/glsa/glsa-200804-30.xml

OR

1.  paludis -r

Actual Results:  
* kde-base/kdelibs-3.5.10-r2:3.5::installed NOT OK
    This package has following security issues:
    GLSA-200804-30: "KDE start_kdeinit: Multiple vulnerabilities"
        -> /usr/portage/metadata/glsa/glsa-200804-30.xml


Expected Results:  
should show no vulnerable packages
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-04-08 11:45:20 UTC
It's because it's not a stable package for now, so maybe paludis is not handling this correctly. Anyway, I added 3.5.10 as unaffected in glsa-200804-30.xml for when it goes stable.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-05-28 16:57:22 UTC
*** Bug 260182 has been marked as a duplicate of this bug. ***