Hi Raphael, Just use the command # glsa-check -l |sort -n |tail
And you will see that glsa is up to date. Regards, Olaf Niermann -----Original Message----- From: Raphael Marichez [mailto:[EMAIL PROTECTED] Sent: Friday, February 15, 2008 4:20 PM To: [email protected] Subject: Re: [gentoo-server] what happend to GLSA ? On Tue, 08 Jan 2008, Tomasz Lutelmowski wrote: > > The GLSA is not updating since 2007-12-25... > > xxx etc # glsa-check -l | tail > [A] means this GLSA was already applied, > [U] means the system is not affected and > [N] indicates that the system might be affected. > > 200712-16 [U] Exiv2: Integer overflow ( media-gfx/exiv2 ) > 200712-17 [U] exiftags: Multiple vulnerabilities ( media-gfx/exiftags ) > 200712-18 [U] Multi-Threaded DAAP Daemon: Multiple vulnerabilities ( media- > sound/mt-daapd ) > 200712-19 [U] Syslog-ng: Denial of Service ( app-admin/syslog-ng ) > 200712-20 [U] ClamAV: Multiple vulnerabilities ( app-antivirus/clamav ) > 200712-21 [U] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities ( www- > client/seamonkey www-client/mozilla-firefox-bin www-client/mozilla- > firefox ... ) > 200712-22 [U] Opera: Multiple vulnerabilities ( www-client/opera ) > 200712-23 [U] Wireshark: Multiple vulnerabilities ( net-analyzer/wireshark ) > 200712-24 [U] AMD64 x86 emulation GTK+ library: User-assisted execution of > arbitrary code ( app-emulation/emul-linux-x86-gtklibs ) > 200712-25 [U] OpenOffice.org: User-assisted arbitrary code execution ( app- > office/openoffice app-office/openoffice-bin dev-db/hsqldb ) > > Is it temporary issue or Gentoo got new way of tracking vulnerabilities ? indeed GLSA 200712-25 was sent 2007-12-30. After all, it was Chrismas holidays... We're still actively looking for helpers (which may become official security members after a probation period) for wrangling security bugs and writing GLSA. Mail to [EMAIL PROTECTED] if interested. -- Raphael Marichez aka Falco -- [email protected] mailing list
