[Bug 1574193] [NEW] ubuntu-support-status lists end-of-support packages (after EOL) as supported

Matthias Andree 1574193 at bugs.launchpad.net
Sun Apr 24 08:39:43 UTC 2016 

*** This bug is a security vulnerability ***

Public security bug reported:

Please see the screen dump below. It contains a section "Supported until
February 2015 (9m):", but it is April 2016, so the packages should NOT
appear in the --show-supported list, and it should NOT be introduced
with "Supported..." because the packages listed below that banner line
are UNsupported.

------

$ LC_ALL=en_US.UTF-8 LANGUAGE=en LANG=en_US.UTF-8 ubuntu-support-status --show-supported
Support status summary of 'rho':

You have 29 packages (0.9%) supported until January 2017 (9m)
You have 245 packages (7.4%) supported until February 2015 (9m)
You have 201 packages (6.1%) supported until May 2017 (3y)
You have 2290 packages (68.9%) supported until May 2019 (5y)

You have 18 packages (0.5%) that can not/no-longer be downloaded
You have 539 packages (16.2%) that are unsupported
Supported until January 2017 (9m):
libclang-common-3.6-dev libclang1-3.6 libglamor-ltst0 libllvm3.6 
linux-headers-3.13.0-65 linux-headers-3.13.0-65-generic 
[...]

Supported until February 2015 (9m):
apparmor-docs apparmor-utils asciidoc autopoint bash-doc bsh 
checkbox-qt chromium-browser chromium-browser-l10n 
chromium-codecs-ffmpeg-extra comerr-dev dblatex debconf-doc 
dh-autoreconf docbook-dsssl docbook-utils doxygen doxygen-latex 
enblend enfuse expect faad foomatic-db-engine fortune-mod 
[...]

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: update-manager-core 1:0.196.14
ProcVersionSignature: Ubuntu 3.13.0-83.127-generic 3.13.11-ckt35
Uname: Linux 3.13.0-83-generic i686
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.19
Aptdaemon:
 
Architecture: i386
Date: Sun Apr 24 10:29:43 2016
EcryptfsInUse: Yes
GsettingsChanges:
 b'com.ubuntu.update-manager' b'show-details' b'true'
 b'com.ubuntu.update-manager' b'first-run' b'false'
 b'com.ubuntu.update-manager' b'check-new-release-ignore' b"'natty'"
 b'com.ubuntu.update-manager' b'launch-time' b'1323564009'
PackageArchitecture: all
SourcePackage: update-manager
UpgradeStatus: Upgraded to trusty on 2014-12-25 (486 days ago)

** Affects: update-manager (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug bitesize i386 needs-coding third-party-packages trusty

** Attachment removed: "CurrentDmesg.txt.txt"
   https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1574193/+attachment/4645032/+files/CurrentDmesg.txt.txt

** Attachment removed: "ProcEnviron.txt"
   https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1574193/+attachment/4645036/+files/ProcEnviron.txt

** Attachment removed: "DpkgHistoryLog.txt.txt"
   https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1574193/+attachment/4645034/+files/DpkgHistoryLog.txt.txt

** Attachment removed: "DpkgTerminalLog.txt.txt"
   https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1574193/+attachment/4645035/+files/DpkgTerminalLog.txt.txt

** Information type changed from Private Security to Public Security

** Summary changed:

- ubuntu-support-status lists end-of-supported packages as supported 
+ ubuntu-support-status lists end-of-support packages (after EOL) as supported

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1574193

Title:
  ubuntu-support-status lists end-of-support packages (after EOL) as
  supported

Status in update-manager package in Ubuntu:
  New

Bug description:
  Please see the screen dump below. It contains a section "Supported
  until February 2015 (9m):", but it is April 2016, so the packages
  should NOT appear in the --show-supported list, and it should NOT be
  introduced with "Supported..." because the packages listed below that
  banner line are UNsupported.

  ------

  $ LC_ALL=en_US.UTF-8 LANGUAGE=en LANG=en_US.UTF-8 ubuntu-support-status --show-supported
  Support status summary of 'rho':

  You have 29 packages (0.9%) supported until January 2017 (9m)
  You have 245 packages (7.4%) supported until February 2015 (9m)
  You have 201 packages (6.1%) supported until May 2017 (3y)
  You have 2290 packages (68.9%) supported until May 2019 (5y)

  You have 18 packages (0.5%) that can not/no-longer be downloaded
  You have 539 packages (16.2%) that are unsupported
  Supported until January 2017 (9m):
  libclang-common-3.6-dev libclang1-3.6 libglamor-ltst0 libllvm3.6 
  linux-headers-3.13.0-65 linux-headers-3.13.0-65-generic 
  [...]

  Supported until February 2015 (9m):
  apparmor-docs apparmor-utils asciidoc autopoint bash-doc bsh 
  checkbox-qt chromium-browser chromium-browser-l10n 
  chromium-codecs-ffmpeg-extra comerr-dev dblatex debconf-doc 
  dh-autoreconf docbook-dsssl docbook-utils doxygen doxygen-latex 
  enblend enfuse expect faad foomatic-db-engine fortune-mod 
  [...]

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: update-manager-core 1:0.196.14
  ProcVersionSignature: Ubuntu 3.13.0-83.127-generic 3.13.11-ckt35
  Uname: Linux 3.13.0-83-generic i686
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.1-0ubuntu3.19
  Aptdaemon:
   
  Architecture: i386
  Date: Sun Apr 24 10:29:43 2016
  EcryptfsInUse: Yes
  GsettingsChanges:
   b'com.ubuntu.update-manager' b'show-details' b'true'
   b'com.ubuntu.update-manager' b'first-run' b'false'
   b'com.ubuntu.update-manager' b'check-new-release-ignore' b"'natty'"
   b'com.ubuntu.update-manager' b'launch-time' b'1323564009'
  PackageArchitecture: all
  SourcePackage: update-manager
  UpgradeStatus: Upgraded to trusty on 2014-12-25 (486 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1574193/+subscriptions

More information about the foundations-bugs mailing list