1 |
In every GLSA they inform us of the steps to take to update the |
2 |
software, and it always goes something like this: |
3 |
|
4 |
emerge --clean rsync |
5 |
emerge <package> |
6 |
emerge clean |
7 |
|
8 |
.. now, I wonder, .. isn't emerge prune <package> a better way? Because |
9 |
most of the time emerge clean won't unmerge the old packages leaving |
10 |
(very unlikely) vulnerable files? |
11 |
|
12 |
Examples of this behaviour (not unmerging the old vuln. package) is |
13 |
the recent glibc and openssh updates. Altough, in these cases it is not |
14 |
exploitable in the future it might be. |
15 |
|
16 |
-- |
17 |
Asbjorn Sannes |
18 |
ace@××××××.org |