# openssl GLSA 201603-15

## BHReach

I have this conundrum.

2 computer plum and pear:

```
pear ~ # glsa-check -t all

This system is affected by the following GLSAs:

201603-15

pear ~ # openssl version

OpenSSL 1.0.2h  3 May 2016
```

```
plum ~ # glsa-check -t all

This system is not affected by any of the listed GLSAs

plum ~ # openssl version

OpenSSL 1.0.2h  3 May 2016
```

According to the docs:

OpenSSL: Multiple vulnerabilities — GLSA 201603-15

Package	dev-libs/openssl on all architectures

Affected versions	< 1.0.2g-r2

Unaffected versions	>= 1.0.2g-r2

Neither should be affected by it (they both have the same version of openssl???)

Why is this happening?

----------

## Ant P.

Post the output from emerge -cpv '<openssl-1.0.2g-r2'

----------

## BHReach

 *Ant P. wrote:*   

> Post the output from emerge -cpv '<openssl-1.0.2g-r2'

 

```
pear ~ $ emerge -cpv '<openssl-1.0.2g-r2'

Calculating dependencies... done!

  dev-libs/openssl-0.9.8z_p8 pulled in by:

    app-text/acroread-9.5.5-r3 requires dev-libs/openssl:0.9.8[abi_x86_32(-)]

>>> No packages selected for removal by depclean

Packages installed:   1168

Packages in world:    155

Packages in system:   44

Required packages:    1168

Number to remove:     0
```

```
plum ~ $ emerge -cpv '<openssl-1.0.2g-r2'

--- Couldn't find '<dev-libs/openssl-1.0.2g-r2' to depclean.

>>> No packages selected for removal by depclean
```

----------

## Ant P.

You have the proprietary Adobe Acrobat reader installed, which in turn depends on a vulnerable version of OpenSSL. glsa-check's output is correct after all.

----------

## BHReach

 *Ant P. wrote:*   

> You have the proprietary Adobe Acrobat reader installed, which in turn depends on a vulnerable version of OpenSSL. glsa-check's output is correct after all.

 

Unfortunately all the other pdf readers have trouble rendering or printing some documents. The only other option is to use the current version on Windows and I am sure that it has its own security vulnerabilities.

I don't use it that often but when okular or qpdfview don't work, I have no other choice.

----------

