Marco Simeone schrieb:
I noticed this a while ago and reported it to the sec herd. They say that this something related to the way the glsa check works. That means every new version has to proofed to be not affected. If you doHello.Do you know why glsa-check tells me to update sun-jdk, even if it's alredy updated ?# glsa-check -p $(glsa-check -t all) This system is affected by the following GLSAs: Checking GLSA 200705-23 The following updates will be performed for this GLSA: dev-java/sun-jdk-1.5.0.15 (1.6.0.06 <http://1.6.0.06>) Checking GLSA 200702-07 The following updates will be performed for this GLSA: dev-java/sun-jdk-1.5.0.15 (1.6.0.06 <http://1.6.0.06>) Checking GLSA 200701-15 The following updates will be performed for this GLSA: dev-java/sun-jdk-1.5.0.15 (1.6.0.06 <http://1.6.0.06>)On my system there are installed sun-jdk-1.6.0.06 and sun-jdk-1.4.2.17 (required by eclipse-sdk-3.2), but not sun-jdk-1.5.0.15.Thanks, Marco.
$ glsa-check -d 200705-23you find this "Vulnerable: <1.6.0.01". So glsa-check found version 1.6.0.6 to be affected and report this to you.
Reported it directly to the Sec herd or make a bug report to get this fixed.Probably you like to ask why a package is marked stable but not be proofed to be not affected by reported glsa's!?
As an easy work around you can inject them, glsa-check -i 200705-23.
signature.asc
Description: OpenPGP digital signature
