Ubuntu
update-notifier package

False positive security update

Bug #1878730 reported by Ivan Kurnosov on 2020-05-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	update-notifier (Ubuntu)	New	Undecided	Unassigned

Bug Description

Running `/usr/lib/update-notifier/apt-check` returns `119;1`

If I patch the code to see what package is to be upgraded (eg in the `isSecurityUpgrade` function) - it shows `libpq5`.

The machine has nothing to do and had never ever installed postgresql client

And at the moment it's not installed either

```
$ apt policy libpq5
libpq5:
  Installed: (none)
  Candidate: 10.12-0ubuntu0.18.04.1
  Version table:
     10.12-0ubuntu0.18.04.1 500
        500 http://nz.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
     10.3-1 500
        500 http://nz.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
```

After debugging some more it looks like

```
            if not (depcache.marked_install(pkg) or
                    depcache.marked_upgrade(pkg)):
                continue
```

this is the condition to blame: I expect the predicate in parentheses to be false - as the package is not marker for install or upgrade.

Revision history for this message

Ivan Kurnosov (zerkms) wrote on 2020-05-15:

Upd: it's not a single unique case, I have a bunch of other machines (with different roles and a set of installed packages) and all them report `libpq5` as outdated (yet none of them have even it installed)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuupdate-notifier package

False positive security update

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
update-notifier package