On Thu, 29 Jan 2015 20:53:31 -0500 Rich Freeman wrote:
> On Thu, Jan 29, 2015 at 7:53 PM, Grant <emailgr...@gmail.com> wrote:
> >
> > glsa-check is working fine, it was a slotted issue. Still curious
> > about a way to check for statically linked packages.
> >
>
> False positives in glsa data aren't unheard of - log those as bugs -
> vulnerable versions should be masked, and non-vulnerable versions
> shouldn't be flagged. So, if an unmasked package is flagged, there is
> a bug of some kind that should be fixed.

It seems like glsa-check can't handle intervals at all. If a package has
several intermittent intervals of vulnerable and fixed versions, e.g.
multiple slots with fixes in several slots, glsa-check fails:
https://bugs.gentoo.org/show_bug.cgi?id=106677

Quite an old bug...

Best regards,
Andrew Savchenko