Duncan wrote:

>OK, the following was in the GLSA
>
>  -------------------------------------------------------------------
>   Package                   /  Vulnerable  /             Unaffected
>  -------------------------------------------------------------------
>   1  emul-linux-x86-baselibs     < 2.2                       >= 2.2
>  -------------------------------------------------------------------
>   # Package 1 only applies to AMD64 users.
>
>I upgraded to 2.2.2 yesterday. Now, it wants to downgrade to 2.1.2, which
>the above says will still be vulnerable.
>
>Looking at the changelog, it appears 2.2.x had quite a number of bugs.
>There's a statement in there that /appears/ to suggest that the fixes for
>the zlib security issue were backported to the new 2.1.2, but we don't
>have an updated GLSA officially confirming that. As this is a security
>issue, I'm sure folks can understand why I'm a bit leery of trusting a
>changelog entry that's contradicting an official GLSA.
>
>Is the 2.1.2 legit and fixed, or is somebody trying to man-in-the-middle
>things? Assuming it's legit, would it be possible to have a duly and
>officially signed GLSA update to that effect?
>
>In the admittedly unlikely event that it's /not/ legit, then we have a
>/very/ serious man-in-the-middle cracking attempt going on!
>
In my experience, version 2.2.2 breaks my mplayer32 and firefox-bin.
Errors about missing libgobject.so.0 and libslang.so.0.
Both libs were present in the system.
I had to downgrade, and both work well.

michalz
--
gentoo-amd64@g.o mailing list