Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-security

From: Willie Wong <wwong@×××××××××.EDU>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Kernels and GLSAs
Date: Thu, 22 Sep 2005 02:22:59
Message-Id: 20050922021828.GA20842@princeton.edu
In Reply to: Re: [gentoo-security] Kernels and GLSAs by Cameron Blackwood
1 On Thu, Sep 22, 2005 at 11:39:55AM +1000, Cameron Blackwood wrote:
2 > Time for me to make a fool of myself ;). Ive been running
3 >
4 >
5 > | emerge -uD world -pv
6 >
7 >
8 > to look for updates and I was a little surprised at the following....
9 >
10 > | # emerge -uD world -pv
11 > |
12 > | These are the packages that I would merge, in order:
13 > |
14 > | Calculating world dependencies ...done!
15 > | [ebuild U ] sys-devel/libperl-5.8.7 [5.8.6-r1] +berkdb -debug +gdbm -ithreads 9,608 kB
16 > | [ebuild U ] dev-lang/perl-5.8.7-r1 [5.8.6-r5] +berkdb -build -debug -doc +gdbm -ithreads -minimal -perlsuid 0 kB
17 > |
18 > | Total size of downloads: 9,608 kB
19 >
20 >
21 > Which doesnt list.......
22 >
23 >
24 > | # glsa-check -l |& grep '\[N\]'
25 > | [N] indicates that the system might be affected.
26 > | 200507-16 [N] dhcpcd: Denial of Service vulnerability ( net-misc/dhcpcd )
27 >
28 >
29 > Huh? Have I just foolishly assumed that emerge world checks all packages?
30 > Is there some 'better' way to list all packages that need updates
31 > both security and normal (and I missed it)?
32
33 dhcpcd was recently (couple months back) removed from "system". If you
34 installed your system before then, dhcpcd would not have been recorded
35 in the world file since it was part of system, which is included in
36 the packages checked when you do emerge -uD world.
37
38 After it has been removed from system, unless you added it to world
39 yourself, none of the emerge -uD world operations would have updated
40 dhcpcd, and so dhcpcd, never passing through emerge since its removal
41 from system, never was added to the world file. So now emerge -uD
42 world doesn't know it is on your system.
43
44 W
45
46 --
47 News headline:
48 The man who fell into an upholstery machine was fully recovered.
49 Sortir en Pantoufles: up 41 days, 5:18
50 --
51 gentoo-security@g.o mailing list
Report Message
Find on MARC Find on Google Groups