FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 05-30-2008, 08:47 PM
"Marco Simeone"
 
Default glsa-check question

Hello.
Do you know why glsa-check tells me to update sun-jdk, even if it's alredy updated ?

# glsa-check -p $(glsa-check -t all)
This system is affected by the following GLSAs:
Checking GLSA 200705-23

The following updates will be performed for this GLSA:
**** dev-java/sun-jdk-1.5.0.15 (1.6.0.06)

Checking GLSA 200702-07
The following updates will be performed for this GLSA:

**** dev-java/sun-jdk-1.5.0.15 (1.6.0.06)

Checking GLSA 200701-15
The following updates will be performed for this GLSA:
**** dev-java/sun-jdk-1.5.0.15 (1.6.0.06)


On my system there are installed sun-jdk-1.6.0.06 and sun-jdk-1.4.2.17 (required by eclipse-sdk-3.2),* but not sun-jdk-1.5.0.15.

Thanks,
Marco.
 
Old 05-31-2008, 06:54 AM
PaulNM
 
Default glsa-check question

Marco Simeone wrote:

Hello.
Do you know why glsa-check tells me to update sun-jdk, even if it's alredy
updated ?

# glsa-check -p $(glsa-check -t all)
This system is affected by the following GLSAs:
Checking GLSA 200705-23
The following updates will be performed for this GLSA:
dev-java/sun-jdk-1.5.0.15 (1.6.0.06)

Checking GLSA 200702-07
The following updates will be performed for this GLSA:
dev-java/sun-jdk-1.5.0.15 (1.6.0.06)

Checking GLSA 200701-15
The following updates will be performed for this GLSA:
dev-java/sun-jdk-1.5.0.15 (1.6.0.06)

On my system there are installed sun-jdk-1.6.0.06 and sun-jdk-1.4.2.17
(required by eclipse-sdk-3.2), but not sun-jdk-1.5.0.15.

Thanks,
Marco.

It's not saying what you think. Glsa-check wants to update java by
downgrading it. See bug http://bugs.gentoo.org/show_bug.cgi?id=222861


PaulNM
--
gentoo-user@lists.gentoo.org mailing list
 
Old 05-31-2008, 11:38 AM
Justin
 
Default glsa-check question

Marco Simeone schrieb:

Hello.
Do you know why glsa-check tells me to update sun-jdk, even if it's
alredy updated ?


# glsa-check -p $(glsa-check -t all)
This system is affected by the following GLSAs:
Checking GLSA 200705-23
The following updates will be performed for this GLSA:
dev-java/sun-jdk-1.5.0.15 (1.6.0.06 <http://1.6.0.06>)

Checking GLSA 200702-07
The following updates will be performed for this GLSA:
dev-java/sun-jdk-1.5.0.15 (1.6.0.06 <http://1.6.0.06>)

Checking GLSA 200701-15
The following updates will be performed for this GLSA:
dev-java/sun-jdk-1.5.0.15 (1.6.0.06 <http://1.6.0.06>)

On my system there are installed sun-jdk-1.6.0.06 and sun-jdk-1.4.2.17
(required by eclipse-sdk-3.2), but not sun-jdk-1.5.0.15.


Thanks,
Marco.
I noticed this a while ago and reported it to the sec herd. They say
that this something related to the way the glsa check works. That means
every new version has to proofed to be not affected. If you do


$ glsa-check -d 200705-23

you find this "Vulnerable: <1.6.0.01". So glsa-check found
version 1.6.0.6 to be affected and report this to you.



Reported it directly to the Sec herd or make a bug report to get this fixed.

Probably you like to ask why a package is marked stable but not be
proofed to be not affected by reported glsa's!?



As an easy work around you can inject them,

glsa-check -i 200705-23.
 

Thread Tools




All times are GMT. The time now is 09:38 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org