Today I see the following: I uninstalled dev-libs/openssl-0.9.8s-r1 because there is a GLSA (201110-01 / openssl) against it.
But acroread-9.4.2 wants the installation of openssl-0.9.8s-r1:

> # emerge -uDpvtN world

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
[nomerge ] app-text/acroread-9.4.2 USE="cups ldap nsplugin -minimal" LINGUAS="de en -fr -ja"
[ebuild NS ] dev-libs/openssl-0.9.8s-r1 [1.0.0f-r1] USE="gmp sse2 zlib -bindist -kerberos -test" 0 kB

Total: 1 package (1 in new slot), Size of downloads: 0 kB

The last stable openssl is already installed:

> # eix -I openssl

[I] dev-libs/openssl
    Available versions: (0.9.8) 0.9.8r ~0.9.8s 0.9.8s-r1
                        (0) 1.0.0d 1.0.0e ~1.0.0e-r1 ~1.0.0f 1.0.0f-r1
                        {bindist gmp kerberos rfc3779 sse2 static-libs test zlib}
    Installed versions: 1.0.0f-r1(07:52:58 PM 01/16/2012)(gmp sse2 zlib -bindist -kerberos -rfc3779 -static-libs -test)
    Homepage: http://www.openssl.org/
    Description:

As far as I know, acroread is not unmasked in this installation, nor is openssl:

> # grep -i acro /etc/portage/*
> # grep -i ssl /etc/portage/*

shows nothing, so acroread and ssl are «stable».

For now I just uninstalled acroread to prevent the installation of a buggy openssl version, but this seems wrong for a mostly stable installation...

Any hints on how to proceed? Is there any danger in having an old (and apparently buggy) openssl lib installed in parallel with the recent one?

Urs