[paludis-user] Confusing security related paludis --report output

Tomas Linhart tomas.linhart at gmail.com
Fri Oct 24 15:11:15 UTC 2008


I am little confused by the output of paludis --report.

When I run paludis --report I get the following complaint about security issue.

kde-base/kdelibs-3.5.10-r2:3.5::installed NOT OK
    This package has following security issues:
    GLSA-200804-30: "KDE start_kdeinit: Multiple vulnerabilities"
        -> /var/paludis/repositories/gentoo/metadata/glsa/glsa-200804-30.xml


I ran glsa-check to find out more informaction about the security
issue and I got:

# glsa-check --print 200804-30

GLSA 200804-30:
KDE start_kdeinit: Multiple vulnerabilities
...
Affected package:  kde-base/kdelibs
Affected archs:    All
Vulnerable:        <4.0
Unaffected:        >=~3.5.8-r4>=~3.5.9-r3>4.0<3.5.5
...

It seems to me that kdelibs-3.5.10 should be OK as it should match the
condition >=~3.5.9-r3

# glsa-check --list affected
shows no affected packages

Anyone knows why is paludis reporting this security issue?

Thanks.



More information about the paludis-user mailing list