apt-check.py counts security updates twice if pkg in -updates and -security

Bug #413885 reported by Tim Frost
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| update-notifier (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Jaunty | New | Undecided | Unassigned | |

Bug Description

Binary package hint: update-notifier

Discussion on ubuntu-users from post https://lists.ubuntu.com/archives/ubuntu-users/2009-August/193694.html shows a situation where a set of security patches were released and available in both jaunty-security and jaunty-updates.

After the packages appeared in BOTH archives, and before they were installed, reports such as the message-of-the-day would report
 6 packages can be updated.
 12 updates are security updates.

It appears that the code to check for the presence of masked security updates is not catering for this case.

Possible fix attached. The patch is against karmic, but the same code appears in the jaunty version, at about line 107, rather than 140. Because of changes to the enclosing loop, the indentation is wrong for application of this patch to the 0.76.2 code used in jaunty.

Tim Frost (timfrost) wrote :

I just reviewed the patch. It compares the versions using '<=', but should probably be an explicit '==' as the critical condition is where the same version appears in both places.

Tim Frost (timfrost) wrote :

I removed my original patch, as I realised that one of the changes between versions 0.76.8 and 0.87 of update-notifier is that this bug has been fixed in 0.87 (if the candidate version of the current package is itself a security update, it does a 'continue', to process the next package, and doesn't even enter the loop to find security updates).

That continue could be added between lines 103 and 104 of the version of apt_check.py in update-notifier version 0.76.8.

Michael Vogt (mvo) wrote :

Thanks for your analysis Tim! I mark it fix released, feel free to open a jaunty task.

Changed in update-notifier (Ubuntu):
status: New → Fix Released
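
The double count and the early 'continue' described in this report, as an added example: a simplified model written for this page, not the update-notifier source. The `Version` and `Package` classes, the function names, and the tuple versions standing in for Debian version strings are assumptions; the sample data is constructed to match the "6 packages / 12 security updates" report.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Version:
    ver: tuple            # constructed: tuples stand in for Debian version strings
    archives: frozenset   # archives that carry this exact version

@dataclass
class Package:
    name: str
    installed: Version
    candidate: Version
    versions: list        # every version known for the package

def is_security(v):
    return any(a.endswith("-security") for a in v.archives)

def count_updates(packages, skip_scan_for_security_candidate):
    """Return (upgrades, security_updates) for the given packages."""
    upgrades = security = 0
    for pkg in packages:
        if pkg.candidate.ver == pkg.installed.ver:
            continue                      # nothing to upgrade
        upgrades += 1
        if is_security(pkg.candidate):
            security += 1
            if skip_scan_for_security_candidate:
                continue                  # the fix: never enter the scan below
        # Look for a security update masked by a candidate from another archive.
        for v in pkg.versions:
            if v.ver <= pkg.installed.ver:
                continue
            if is_security(v):
                security += 1             # without the fix, hits the candidate again
                break
    return upgrades, security

def make_version(ver, *archives):
    return Version(ver, frozenset(archives))

def sample_packages():
    # Constructed: six packages whose fix is in both -security and -updates.
    old = make_version((1, 0), "jaunty")
    both = make_version((1, 1), "jaunty-security", "jaunty-updates")
    return [Package(f"pkg{i}", old, both, [old, both]) for i in range(6)]

def masked_package():
    # Constructed: the security fix 1.1 is hidden behind a newer -updates candidate 1.2.
    old = make_version((1, 0), "jaunty")
    sec = make_version((1, 1), "jaunty-security")
    new = make_version((1, 2), "jaunty-updates")
    return Package("masked", old, new, [old, sec, new])
```

The masked-update scan is still needed for packages like `masked_package()`, which is why the fix skips it only when the candidate is already a security update.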