Skip to content
This repository has been archived by the owner on Sep 16, 2022. It is now read-only.

Hide unfixable issue (Debian) #820

Closed
vpetersson opened this issue Mar 27, 2020 · 1 comment
Closed

Hide unfixable issue (Debian) #820

vpetersson opened this issue Mar 27, 2020 · 1 comment

Comments

@vpetersson
Copy link
Contributor

I got an alert today for one of my Debian nodes:

Screen Shot 2020-03-27 at 10 46 21 AM

Screen Shot 2020-03-27 at 10 46 26 AM

However, there is no upgrade available:

mvip@wott-debian-buster:~$ sudo wott-agent upgrade libicu63

wott-agent version wott-agent 0.1.5.801-6c71abb
upgrade packages: ['libicu63']
Hit http://security.debian.org/debian-security buster/updates InRelease
Hit http://deb.debian.org/debian buster InRelease
Hit http://deb.debian.org/debian buster-updates InRelease
Hit https://packagecloud.io/wott/agent/debian buster InRelease
Fetched 0 B in 0s (0 B/s)
The following packages will be upgraded:

Confirm: [y/N]python-iptables: match "state" already registered
mvip@wott-debian-buster:~$

I'm unsure if this is related to this issue.

Related bug:
@vpetersson
Copy link
Contributor Author

vpetersson commented Mar 27, 2020
edited
Loading

Strange.

The Debian Security Tracker does indeed say that it has been fixed in 63.1-6+deb10u1.

However, it is not being picked up.

mvip@wott-debian-buster:~$ sudo apt update
Hit:1 http://deb.debian.org/debian buster InRelease
Hit:2 http://security.debian.org/debian-security buster/updates InRelease
Hit:3 http://deb.debian.org/debian buster-updates InRelease
Hit:4 https://packagecloud.io/wott/agent/debian buster InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.

$ sudo apt-get install libicu63
Reading package lists... Done
Building dependency tree
Reading state information... Done
libicu63 is already the newest version (63.1-6+deb10u1).
libicu63 set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Also, the security repo as the CVE refers to it has been resolved in, is included:

$ grep 'security' /etc/apt/sources.list
deb http://security.debian.org/debian-security buster/updates main
deb-src http://security.debian.org/debian-security buster/updates main

Looking closer, it turns out that it was just that the agent has not submitted the data. The node has indeed been fixed. Hence this is most likely related to WoTTsecurity/agent#286

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vpetersson