Gentoo Archives: gentoo-user

From: Andrew Savchenko <bircoph@g.o>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Ghost cyber threat
Date: Fri, 30 Jan 2015 11:03:18
Message-Id: 20150130140303.bc0c3f2bd6df3e34a3c9bc6f@gentoo.org
In Reply to: Re: [gentoo-user] Ghost cyber threat by Rich Freeman
1 On Thu, 29 Jan 2015 20:53:31 -0500 Rich Freeman wrote:
2 > On Thu, Jan 29, 2015 at 7:53 PM, Grant <emailgrant@×××××.com> wrote:
3 > >
4 > > glsa-check is working fine, it was a slotted issue. Still curious
5 > > about a way to check for statically linked packages.
6 > >
7 >
8 > False positives in glsa data aren't unheard of - log those as bugs -
9 > vulnerable versions should be masked, and non-vulnerable versions
10 > shouldn't be flagged. So, if an unmasked package is flagged, there is
11 > a bug of some kind that should be fixed.
12
13 It seems like glsa-check can't handle intervals at all. If package
14 have several intermittent intervals of vulnerable and fixed
15 versions, e.g. multiple slots fix fixes in several slots,
16 glsa-check fail:
17 https://bugs.gentoo.org/show_bug.cgi?id=106677
18
19 Quite an old bug...
20
21 Best regards,
22 Andrew Savchenko

Replies

Subject Author
Re: [gentoo-user] Ghost cyber threat symack <symack@×××××.com>