| 1 |
Marco Simeone schrieb: |
| 2 |
> Hello. |
| 3 |
> Do you know why glsa-check tells me to update sun-jdk, even if it's |
| 4 |
> alredy updated ? |
| 5 |
> |
| 6 |
> # glsa-check -p $(glsa-check -t all) |
| 7 |
> This system is affected by the following GLSAs: |
| 8 |
> Checking GLSA 200705-23 |
| 9 |
> The following updates will be performed for this GLSA: |
| 10 |
> dev-java/sun-jdk-1.5.0.15 (1.6.0.06 <http://1.6.0.06>) |
| 11 |
> |
| 12 |
> Checking GLSA 200702-07 |
| 13 |
> The following updates will be performed for this GLSA: |
| 14 |
> dev-java/sun-jdk-1.5.0.15 (1.6.0.06 <http://1.6.0.06>) |
| 15 |
> |
| 16 |
> Checking GLSA 200701-15 |
| 17 |
> The following updates will be performed for this GLSA: |
| 18 |
> dev-java/sun-jdk-1.5.0.15 (1.6.0.06 <http://1.6.0.06>) |
| 19 |
> |
| 20 |
> On my system there are installed sun-jdk-1.6.0.06 and sun-jdk-1.4.2.17 |
| 21 |
> (required by eclipse-sdk-3.2), but not sun-jdk-1.5.0.15. |
| 22 |
> |
| 23 |
> Thanks, |
| 24 |
> Marco. |
| 25 |
I noticed this a while ago and reported it to the sec herd. They say |
| 26 |
that this something related to the way the glsa check works. That means |
| 27 |
every new version has to proofed to be not affected. If you do |
| 28 |
|
| 29 |
$ glsa-check -d 200705-23 |
| 30 |
|
| 31 |
you find this "Vulnerable: <1.6.0.01". So glsa-check found |
| 32 |
version 1.6.0.6 to be affected and report this to you. |
| 33 |
|
| 34 |
|
| 35 |
Reported it directly to the Sec herd or make a bug report to get this fixed. |
| 36 |
|
| 37 |
Probably you like to ask why a package is marked stable but not be |
| 38 |
proofed to be not affected by reported glsa's!? |
| 39 |
|
| 40 |
|
| 41 |
As an easy work around you can inject them, |
| 42 |
|
| 43 |
glsa-check -i 200705-23. |
Archives