From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1JQ8r5-0005eN-1w for garchives@archives.gentoo.org; Fri, 15 Feb 2008 22:16:27 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2C38EE04FE; Fri, 15 Feb 2008 22:16:25 +0000 (UTC) Received: from mail.cymeleons.de (www.cymeleons.de [212.101.202.50]) by pigeon.gentoo.org (Postfix) with ESMTP id DF012E04FE for ; Fri, 15 Feb 2008 22:16:24 +0000 (UTC) Received: from cybone (cybone.cymeleons.de [192.168.1.33]) by mail.cymeleons.de (Postfix) with ESMTP id F023E20B183 for ; Fri, 15 Feb 2008 23:16:23 +0100 (CET) From: "Olaf Niermann" To: Subject: RE: [gentoo-server] what happend to GLSA ? Date: Fri, 15 Feb 2008 23:16:59 +0100 Message-ID: <001e01c87020$7cf36750$2101a8c0@cybone> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-server@lists.gentoo.org Reply-to: gentoo-server@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6822 In-Reply-To: <20080215152022.GF6507@falco.falcal.net> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Thread-Index: Achv5kpQZc8ZXUD1Qy+rbtHFM8HHrQAOeWwg Importance: Normal X-Archives-Salt: 4b69e2c6-6add-4e7a-acc4-155b4e8866f7 X-Archives-Hash: e1f3ee36513b6884f27042a43a16b9c6 Hi Raphael, Just use the command # glsa-check -l |sort -n |tail And you will see that glsa is up to date. Regards, Olaf Niermann -----Original Message----- From: Raphael Marichez [mailto:falco@gentoo.org]=20 Sent: Friday, February 15, 2008 4:20 PM To: gentoo-server@lists.gentoo.org Subject: Re: [gentoo-server] what happend to GLSA ? On Tue, 08 Jan 2008, Tomasz Lutelmowski wrote: >=20 > The GLSA is not updating since 2007-12-25... >=20 > xxx etc # glsa-check -l | tail > [A] means this GLSA was already applied, > [U] means the system is not affected and > [N] indicates that the system might be affected. >=20 > 200712-16 [U] Exiv2: Integer overflow ( media-gfx/exiv2 ) > 200712-17 [U] exiftags: Multiple vulnerabilities ( media-gfx/exiftags = ) > 200712-18 [U] Multi-Threaded DAAP Daemon: Multiple vulnerabilities ( media- > sound/mt-daapd ) > 200712-19 [U] Syslog-ng: Denial of Service ( app-admin/syslog-ng ) > 200712-20 [U] ClamAV: Multiple vulnerabilities ( app-antivirus/clamav = ) > 200712-21 [U] Mozilla Firefox, SeaMonkey: Multiple vulnerabilities ( = www- > client/seamonkey www-client/mozilla-firefox-bin www-client/mozilla- > firefox ... ) > 200712-22 [U] Opera: Multiple vulnerabilities ( www-client/opera ) > 200712-23 [U] Wireshark: Multiple vulnerabilities ( = net-analyzer/wireshark ) > 200712-24 [U] AMD64 x86 emulation GTK+ library: User-assisted = execution of > arbitrary code ( app-emulation/emul-linux-x86-gtklibs ) > 200712-25 [U] OpenOffice.org: User-assisted arbitrary code execution ( app- > office/openoffice app-office/openoffice-bin dev-db/hsqldb ) >=20 > Is it temporary issue or Gentoo got new way of tracking = vulnerabilities ? indeed GLSA 200712-25 was sent 2007-12-30. After all, it was Chrismas holidays... We're still actively looking for helpers (which may become official security members after a probation period) for wrangling security bugs and writing GLSA. Mail to security@gentoo.org if interested. --=20 Raphael Marichez aka Falco -- gentoo-server@lists.gentoo.org mailing list