Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 490192 - Various dev-dotnet/*-sharp ebuilds require =sys-devel/automake-1.10* despite automake security vulnerability
Summary: Various dev-dotnet/*-sharp ebuilds require =sys-devel/automake-1.10* despite ...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: dotnet
URL:
Whiteboard:
Keywords:
Depends on: 489450
Blocks:
  Show dependency tree
 
Reported: 2013-11-02 20:41 UTC by Paul McDermott
Modified: 2013-11-06 20:00 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paul McDermott 2013-11-02 20:41:48 UTC
The following ebuilds require =sys-devel/automake-1.10*

server paul # emerge --depclean -p -v =sys-devel/automake-1.10.3

Calculating dependencies... done!
  sys-devel/automake-1.10.3 pulled in by:
    dev-dotnet/atk-sharp-2.12.10 requires =sys-devel/automake-1.10*, sys-devel/automake
    dev-dotnet/gdk-sharp-2.12.10 requires =sys-devel/automake-1.10*, sys-devel/automake
    dev-dotnet/glade-sharp-2.12.10 requires =sys-devel/automake-1.10*, sys-devel/automake
    dev-dotnet/glib-sharp-2.12.10 requires =sys-devel/automake-1.10*, sys-devel/automake
    dev-dotnet/gtk-sharp-2.12.10 requires sys-devel/automake, =sys-devel/automake-1.10*
    dev-dotnet/gtk-sharp-gapi-2.12.10 requires =sys-devel/automake-1.10*, sys-devel/automake
    dev-dotnet/pango-sharp-2.12.10 requires sys-devel/automake, =sys-devel/automake-1.10*


<=sys-devel/automake-1.11.6 is subject to GLSA 201310-15.

Without this dependancy being resolved, I get a warning message from GLSA every time glsa-check is run (daily, automatically), which I can't do anything about


Reproducible: Always

Steps to Reproduce:
1.Install one or more of the above dev-dotnet/*-sharp ebuilds
2.Run glsa-check
3.
Actual Results:  
glsa-check reports GLSA 201310-15

Expected Results:  
No security vulnerabilities on my system
Comment 1 Pacho Ramos gentoo-dev 2013-11-06 20:00:55 UTC
No idea how base-system will handle this as there are more packages still depending on old slots