1 |
>> >> GLSA 201512-07 requires that I remove gstreamer-0.10 but I'm |
2 |
>> >> finding it rather inextricable due to dependencies. Has anyone |
3 |
>> >> else run into this problem? |
4 |
>> > |
5 |
>> > I think this is another case of glsa-check not handling slots |
6 |
>> > correctly. |
7 |
>> |
8 |
>> I believe it handles ranges fine, but it seems that we occasionally |
9 |
>> have GLSAs that don't correctly specify ranges. You can log a bug |
10 |
>> against it. |
11 |
> |
12 |
> AFAICT, details of the gstreamer bug itself haven't been made public |
13 |
> yet, and nobody is sure whether the unmaintained 0.10 branch needs a |
14 |
> patch. See <https://bugs.gentoo.org/show_bug.cgi?id=553742#c11> and |
15 |
> the following comment. |
16 |
|
17 |
|
18 |
So everyone is just living with the supposed security vulnerability on |
19 |
their system? |
20 |
|
21 |
- Grant |