mointrigue

Thanks!

OK, that's weird. It seems like for days even if I ran sudo glsa-check --list all I'd get nothing. I mean, I'd expect to see that if I used "affected". But today if I run the same command I get output, but nothing after April 2017, which does not match with GLSA announcements . This snippet was captured right after today's ego sync. <snip...> 201702-29 [U] PHP: Multiple vulnerabilities ( dev-lang/php ) 201702-30 [U] tcpdump: Multiple vulnerabilities ( net-analyzer/tcpdump ) 201702-31 [U] GPL Ghostscript: Multiple vulnerabilities ( app-text/ghostscript-gpl ) 201702-32 [U] Ruby Archive::Tar::Minitar: Directory traversal ( dev-ruby/archive-tar-minitar ) 201703-01 [U] OpenOffice: User-assisted execution of arbitrary code ( app-office/openoffice-bin ) 201703-02 [U] Adobe Flash Player: Multiple vulnerabilities ( www-plugins/adobe-flash ) 201703-03 [U] PuTTY: Buffer overflow ( net-misc/putty ) 201703-04 [U] cURL: Certificate validation error ( net-misc/curl ) [A] means this GLSA was marked as applied (injected), [U] means the system is not affected and [N] indicates that the system might be affected. 201703-05 [U] GNU Libtasn1: Denial of Service ( dev-libs/libtasn1 ) 201703-06 [U] Deluge: Remote execution of arbitrary code ( net-p2p/deluge ) 201703-07 [U] Xen: Privilege Escalation ( app-emulation/xen-tools ) 201704-01 [U] QEMU: Multiple vulnerabilities ( app-emulation/qemu ) 201704-02 [U] Chromium: Multiple vulnerabilities ( www-client/chromium ) 201704-03 [U] X.Org: Multiple vulnerabilities ( x11-base/xorg-server x11-libs/libICE x11-libs/libXdmcp ... )

Is there an equivalent function in funtoo for glsa-check? I'm still getting the hang of kits vs the portage tree, but as far as I can tell glsa-check always returns nothing since the meta-repo doesn't include the glsa notices.