Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing Updated Packages from Security Advisories #1565

Open
rhoy-tenable opened this issue Sep 12, 2024 · 1 comment
Open

Missing Updated Packages from Security Advisories #1565

rhoy-tenable opened this issue Sep 12, 2024 · 1 comment
Labels
bug

Comments

@rhoy-tenable
Copy link

Describe the bug

Some security advisories are missing data in the Updated Packages Information section. As a result, it is not possible to determine which packages should be updated to mitigate the vulnerability.

==> ./Security-Update-3.0-302.md <==
==> ./Security-Update-4.0-675.md <==
==> ./Security-Update-3.0-79.md <==
==> ./Security-Update-3.0-140.md <==
==> ./Security-Update-5.0-268.md <==
==> ./Security-Update-3.0-193.md <==
==> ./Security-Update-3.0-313.md <==
==> ./Security-Update-1.0-261.md <==
==> ./Security-Update-1.0-241.md <==
==> ./Security-Update-3.0-6.md <==
==> ./Security-Update-3.0-33.md <==
==> ./Security-Update-5.0-131.md <==
==> ./Security-Update-1.0-234.md <==
==> ./Security-Update-3.0-26.md <==
==> ./Security-Update-1.0-277.md <==
==> ./Security-Update-3.0-773.md <==
==> ./Security-Update-4.0-608.md <==
==> ./Security-Update-4.0-589.md <==
==> ./Security-Update-1.0-267.md <==
==> ./Security-Update-3.0-676.md <==
==> ./Security-Update-1.0-223.md <==
==> ./Security-Update-1.0-276.md <==
==> ./Security-Update-1.0-242.md <==
==> ./Security-Update-3.0-389.md <==
==> ./Security-Update-3.0-680.md <==
==> ./Security-Update-4.0-250.md <==
==> ./Security-Update-3.0-748.md <==
==> ./Security-Update-4.0-592.md <==
==> ./Security-Update-3.0-305.md <==
==> ./Security-Update-1.0-248.md <==
==> ./Security-Update-4.0-405.md <==

Reproduction steps

  1. Clone wiki
  2. find . -type f -name "Security*.md" -exec tail -n1 -v {} \; | grep -B1 'Information' | grep 'Security'
  3. While there is probably a better way to find these file, this did work. These advisories are missing the Updated Packages Information.

Expected behavior

I expect all security advisories to have packages to update in order to mitigate the vulnerability.

Additional context

No response
@dcasota
Copy link
Contributor

dcasota commented Sep 12, 2024
edited
Loading

@rhoy-tenable the history information you are looking for is on older pages in revisions.
image

Example: For ./Security-Update-3.0-302.md, see e.g. revision page https://github.com/vmware/photon/wiki/Security-Update-3.0-302/cdae098fc5091ac015b8a7a4edb445072d512cbc
If I understood it correctly, if the information in 'Updated Packages Information' is empty, in the timeline there has been a 'feature' release and newer packages are not affected anymore by the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dcasota @rhoy-tenable