537204 – sys-apps/portage: glsa-check reports wrong version of affected package

Bug 537204 - sys-apps/portage: glsa-check reports wrong version of affected package

Summary: sys-apps/portage: glsa-check reports wrong version of affected package

Status:	RESOLVED DUPLICATE of bug 400763

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Tools (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Portage Tools Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-01-21 07:31 UTC by Sergey Popov
Modified:	2019-08-15 21:21 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sergey Popov gentoo-dev

2015-01-21 07:31:24 UTC

As per summary. Happens if glsa-check output contains two GLSAs for one package.

Here is example of wrong glsa-check output:

zeus ~ # glsa-check -vt affected
This system is affected by the following GLSAs:
[A] means this GLSA was marked as applied (injected),
[U] means the system is not affected and
[N] indicates that the system might be affected.

201412-01 [N] [local, remote] QEMU: Multiple Vulnerabilities ( app-emulation/qemu-2.1.0-r1 )
201412-37 [N] [local, remote] QEMU: Multiple Vulnerabilities ( app-emulation/qemu-2.1.0-r1 )

If we look at http://glsa.gentoo.org we will see, that GLSA 201412-37 said that only <app-emulaton/qemu-2.1.2-r1 is not vulnerable.

Comment 1 Roland Hopferwieser 2016-02-27 01:20:16 UTC

Is this bug identical with #400763?

Comment 2 Zac Medico gentoo-dev

2019-08-15 21:21:01 UTC


*** This bug has been marked as a duplicate of bug 400763 ***