[Bug 1878730] [NEW] False positive security update

Ivan Kurnosov zerkms at zerkms.ru
Fri May 15 02:12:02 UTC 2020 

Public bug reported:

Running `/usr/lib/update-notifier/apt-check` returns `119;1`

If I patch the code to see what package is to be upgraded (eg in the
`isSecurityUpgrade` function) - it shows `libpq5`.

The machine has nothing to do and had never ever installed postgresql
client

And at the moment it's not installed either

```
$ apt policy libpq5
libpq5:
  Installed: (none)
  Candidate: 10.12-0ubuntu0.18.04.1
  Version table:
     10.12-0ubuntu0.18.04.1 500
        500 http://nz.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
     10.3-1 500
        500 http://nz.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
```

After debugging some more it looks like

```
            if not (depcache.marked_install(pkg) or
                    depcache.marked_upgrade(pkg)):
                continue
```

this is the condition to blame: I expect the predicate in parentheses to
be false - as the package is not marker for install or upgrade.

** Affects: update-notifier (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-notifier in Ubuntu.
https://bugs.launchpad.net/bugs/1878730

Title:
  False positive security update

Status in update-notifier package in Ubuntu:
  New

Bug description:
  Running `/usr/lib/update-notifier/apt-check` returns `119;1`

  If I patch the code to see what package is to be upgraded (eg in the
  `isSecurityUpgrade` function) - it shows `libpq5`.

  The machine has nothing to do and had never ever installed postgresql
  client

  And at the moment it's not installed either

  ```
  $ apt policy libpq5
  libpq5:
    Installed: (none)
    Candidate: 10.12-0ubuntu0.18.04.1
    Version table:
       10.12-0ubuntu0.18.04.1 500
          500 http://nz.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
       10.3-1 500
          500 http://nz.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
  ```

  After debugging some more it looks like

  ```
              if not (depcache.marked_install(pkg) or
                      depcache.marked_upgrade(pkg)):
                  continue
  ```

  this is the condition to blame: I expect the predicate in parentheses
  to be false - as the package is not marker for install or upgrade.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1878730/+subscriptions

More information about the foundations-bugs mailing list