[Aptitude-devel] Bug#988128: aptitude: Security update not considered if a newer version is available

Alex Hermann gaaf at gmx.net
Thu May 6 10:34:17 BST 2021 

Package: aptitude
Version: 0.8.13-3
Severity: normal

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: hexlaadmin at ispx2cproxy001.x2c.nl
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: aptitude: Security update not considered if a newer version is available
Bcc: hexlaadmin at ispx2cproxy001.x2c.nl

Package: aptitude
Version: 0.8.11-7
Severity: normal

Dear Maintainer,

I started aptitude in UI mode to see the available security updates.
Unfortunately, some security updates where missing when a newer version
of the package is available from another repository. For example the apt
package:

$apt-cache policy apt
apt:
  Installed: 1.8.2.1
  Candidate: 1.8.2.3
  Version table:
     1.8.2.3 500
        500 http://ftp.nl.debian.org/debian buster-updates/main amd64 Packages
     1.8.2.2 500
        500 http://ftp.nl.debian.org/debian buster/main amd64 Packages
        500 http://security.debian.org buster/updates/main amd64 Packages
        500 http://security.debian.org/debian-security buster/updates/main amd64 Packages
 *** 1.8.2.1 100
        100 /var/lib/dpkg/status


Aptitude did not show version 1.8.2.2 under the "Security Updates" heading, but only version 1.8.2.3 under de regular "Upgradable Packages" heading.

I do not regularly install all the updates from buster-updates, only certain packages after impact review.

Due to the miscategorisation of the security updates, they were not installed.


Suggested fix: Always show all security updates under the "Security Updates"
heading. If packages meet the above conditions, show them in both/multiple
sections, each with the corresponding package version.


-- Package-specific info:
Terminal: xterm-256color
$DISPLAY is set.
which aptitude: /usr/bin/aptitude

aptitude version information:
aptitude 0.8.11
Compiler: g++ 8.2.0
Compiled against:
  apt version 5.0.2
  NCurses version 6.1
  libsigc++ version: 2.10.1
  Gtk+ support disabled.
  Qt support disabled.

Current library versions:
  NCurses version: ncurses 6.1.20181013
  cwidget version: 0.5.17
  Apt version: 5.0.2

aptitude linkage:
	linux-vdso.so.1 (0x00007ffca77bc000)
	libapt-pkg.so.5.0 => /lib/x86_64-linux-gnu/libapt-pkg.so.5.0 (0x00007f10bbd85000)
	libncursesw.so.6 => /lib/x86_64-linux-gnu/libncursesw.so.6 (0x00007f10bbd4b000)
	libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f10bbd1d000)
	libsigc-2.0.so.0 => /lib/x86_64-linux-gnu/libsigc-2.0.so.0 (0x00007f10bbd14000)
	libcwidget.so.3 => /lib/x86_64-linux-gnu/libcwidget.so.3 (0x00007f10bbc0e000)
	libsqlite3.so.0 => /lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007f10bbaec000)
	libboost_iostreams.so.1.67.0 => /lib/x86_64-linux-gnu/libboost_iostreams.so.1.67.0 (0x00007f10bbacc000)
	libboost_system.so.1.67.0 => /lib/x86_64-linux-gnu/libboost_system.so.1.67.0 (0x00007f10bbac5000)
	libxapian.so.30 => /lib/x86_64-linux-gnu/libxapian.so.30 (0x00007f10bb899000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f10bb878000)
	libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f10bb6f4000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f10bb571000)
	libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f10bb555000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f10bb394000)
	libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f10bb37a000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f10bb15c000)
	libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 (0x00007f10bb149000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f10bb121000)
	liblz4.so.1 => /lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f10bb100000)
	libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007f10bb061000)
	libudev.so.1 => /lib/x86_64-linux-gnu/libudev.so.1 (0x00007f10bb03b000)
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f10baf9a000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f10bc39e000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f10baf95000)
	librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f10baf89000)
	libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f10baf80000)
	libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f10bae62000)
	libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f10bae3f000)

-- System Information:
Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-10-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=nl_NL.utf8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages aptitude depends on:
ii  aptitude-common           0.8.11-7
ii  libapt-pkg5.0             1.8.2.1
ii  libboost-iostreams1.67.0  1.67.0-13+deb10u1
ii  libboost-system1.67.0     1.67.0-13+deb10u1
ii  libc6                     2.28-10
ii  libcwidget3v5             0.5.17-11
ii  libgcc1                   1:8.3.0-6
ii  libncursesw6              6.1+20181013-2+deb10u2
ii  libsigc++-2.0-0v5         2.10.1-2
ii  libsqlite3-0              3.27.2-3
ii  libstdc++6                8.3.0-6
ii  libtinfo6                 6.1+20181013-2+deb10u2
ii  libxapian30               1.4.11-1

Versions of packages aptitude recommends:
pn  libparse-debianchangelog-perl  <none>
ii  sensible-utils                 0.0.12

Versions of packages aptitude suggests:
pn  apt-xapian-index                <none>
pn  aptitude-doc-en | aptitude-doc  <none>
pn  debtags                         <none>
pn  tasksel                         <none>

-- Configuration Files:
/etc/logrotate.d/aptitude changed [not included]

-- no debconf information


-- Package-specific info:
Terminal: xterm-256color
$DISPLAY is set.
which aptitude: /usr/bin/aptitude

aptitude version information:
aptitude 0.8.13
Compiler: g++ 10.2.1 20210110
Compiled against:
  apt version 6.0.0
  NCurses version 6.2
  libsigc++ version: 2.10.4
  Gtk+ support disabled.
  Qt support disabled.

Current library versions:
  NCurses version: ncurses 6.2.20201114
  cwidget version: 0.5.18
  Apt version: 6.0.0

aptitude linkage:
	linux-vdso.so.1 (0x00007ffca9f58000)
	libapt-pkg.so.6.0 => /usr/lib/x86_64-linux-gnu/libapt-pkg.so.6.0 (0x00007f1649364000)
	libncursesw.so.6 => /lib/x86_64-linux-gnu/libncursesw.so.6 (0x00007f1649329000)
	libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f16492fa000)
	libsigc-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libsigc-2.0.so.0 (0x00007f16492f1000)
	libcwidget.so.4 => /usr/lib/x86_64-linux-gnu/libcwidget.so.4 (0x00007f16491eb000)
	libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007f16490a8000)
	libboost_iostreams.so.1.74.0 => /usr/lib/x86_64-linux-gnu/libboost_iostreams.so.1.74.0 (0x00007f164908d000)
	libxapian.so.30 => /usr/lib/x86_64-linux-gnu/libxapian.so.30 (0x00007f1648e6b000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1648e49000)
	libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f1648c7c000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f1648b38000)
	libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f1648b1e000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1648957000)
	libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f164893d000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1648920000)
	libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 (0x00007f164890d000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f16488e5000)
	liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f16488c2000)
	libzstd.so.1 => /usr/lib/x86_64-linux-gnu/libzstd.so.1 (0x00007f16487e5000)
	libudev.so.1 => /usr/lib/x86_64-linux-gnu/libudev.so.1 (0x00007f16487bd000)
	libsystemd.so.0 => /usr/lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f1648708000)
	libgcrypt.so.20 => /usr/lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f16485e8000)
	libxxhash.so.0 => /usr/lib/x86_64-linux-gnu/libxxhash.so.0 (0x00007f16485cf000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f16499ac000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f16485c9000)
	librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f16485bc000)
	libuuid.so.1 => /usr/lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f16485b3000)
	libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f164858d000)

-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (400, 'experimental'), (200, 'testing'), (110, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=nl_NL.utf8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages aptitude depends on:
ii  aptitude-common           0.8.13-3
ii  libapt-pkg6.0             2.2.3
ii  libboost-iostreams1.74.0  1.74.0-9
ii  libc6                     2.31-12
ii  libcwidget4               0.5.18-5
ii  libgcc-s1                 10.2.1-6
ii  libncursesw6              6.2+20201114-2
ii  libsigc++-2.0-0v5         2.10.4-2
ii  libsqlite3-0              3.34.1-3
ii  libstdc++6                10.2.1-6
ii  libtinfo6                 6.2+20201114-2
ii  libxapian30               1.4.18-3

Versions of packages aptitude recommends:
ii  libdpkg-perl    1.20.9
ii  sensible-utils  0.0.14

Versions of packages aptitude suggests:
pn  apt-xapian-index                <none>
pn  aptitude-doc-en | aptitude-doc  <none>
pn  debtags                         <none>
pn  tasksel                         <none>

-- no debconf information

More information about the Aptitude-devel mailing list