>> >> GLSA 201512-07 requires that I remove gstreamer-0.10 but I'm >> >> finding it rather inextricable due to dependencies. Has anyone >> >> else run into this problem? >> > >> > I think this is another case of glsa-check not handling slots >> > correctly. >> >> I believe it handles ranges fine, but it seems that we occasionally >> have GLSAs that don't correctly specify ranges. You can log a bug >> against it. > > AFAICT, details of the gstreamer bug itself haven't been made public > yet, and nobody is sure whether the unmaintained 0.10 branch needs a > patch. See <https://bugs.gentoo.org/show_bug.cgi?id=553742#c11> and > the following comment.
So everyone is just living with the supposed security vulnerability on their system? - Grant