On Mon, 19 Jan 2009 17:24:33 +0100 ra <[email protected]> wrote: > <package name="dev-java/sun-jdk" auto="yes" arch="*"> > <unaffected range="ge">1.6.0.05</unaffected> > <unaffected range="rge">1.5.0.16</unaffected> > <unaffected range="rge">1.5.0.15</unaffected> > <unaffected range="rge">1.4.2.17</unaffected> > <vulnerable range="lt">1.6.0.05</vulnerable> > </package> > > So the installed packages are not affected (also glsa-check does not > list them).
Yes they are. rge doesn't mean what you think it means. rge is only true if packages are equal excluding revision, *and* the package is greater than or equal to the value. Paludis is correct. The GLSA is wrong. This happens rather frequently... -- Ciaran McCreesh
signature.asc
Description: PGP signature
_______________________________________________ paludis-user mailing list [email protected] http://lists.pioto.org/mailman/listinfo/paludis-user
