Marco Simeone wrote:
> Hello.
> Do you know why glsa-check tells me to update sun-jdk, even if it's
> already updated?
>
> # glsa-check -p $(glsa-check -t all)
> This system is affected by the following GLSAs:
> Checking GLSA 200705-23
> The following updates will be performed for this GLSA:
> dev-java/sun-jdk-1.5.0.15 (1.6.0.06)
>
> Checking GLSA 200702-07
> The following updates will be performed for this GLSA:
> dev-java/sun-jdk-1.5.0.15 (1.6.0.06)
>
> Checking GLSA 200701-15
> The following updates will be performed for this GLSA:
> dev-java/sun-jdk-1.5.0.15 (1.6.0.06)
>
> On my system there are installed sun-jdk-1.6.0.06 and sun-jdk-1.4.2.17
> (required by eclipse-sdk-3.2), but not sun-jdk-1.5.0.15.
>
> Thanks,
> Marco.
I noticed this a while ago and reported it to the sec herd. They say
that this is something related to the way the glsa check works. That means
every new version has to be proven to be not affected. If you do

$ glsa-check -d 200705-23

you find this "Vulnerable: <1.6.0.01". So glsa-check found
version 1.6.0.6 to be affected and reports this to you.

Report it directly to the Sec herd or make a bug report to get this fixed.

You would probably like to ask why a package is marked stable but not
proven to be not affected by reported GLSAs!?

As an easy workaround you can inject them,

glsa-check -i 200705-23.