As per summary. Happens if glsa-check output contains two GLSAs for one package.
Here is example of wrong glsa-check output:
zeus ~ # glsa-check -vt affected
This system is affected by the following GLSAs:
[A] means this GLSA was marked as applied (injected),
[U] means the system is not affected and
[N] indicates that the system might be affected.
201412-01 [N] [local, remote] QEMU: Multiple Vulnerabilities ( app-emulation/qemu-2.1.0-r1 )
201412-37 [N] [local, remote] QEMU: Multiple Vulnerabilities ( app-emulation/qemu-2.1.0-r1 )
If we look at http://glsa.gentoo.org we will see, that GLSA 201412-37 said that only <app-emulaton/qemu-2.1.2-r1 is not vulnerable.
Is this bug identical with #400763?
*** This bug has been marked as a duplicate of bug 400763 ***