group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 2111610] Re: Running the `pro cve` command returns an error for some CVEs

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <2111610@xxxxxxxxxxxxxxxxxx>
Date: Tue, 24 Jun 2025 20:02:16 -0000
Reply-to: Bug 2111610 <2111610@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
This bug was fixed in the package ubuntu-advantage-tools - 36ubuntu0

---------------
ubuntu-advantage-tools (36ubuntu0) questing; urgency=medium

  * d/apparmor/ubuntu_pro_esm_cache.jinja2: use openssl abstraction in the
    apparmor profile
  * New upstream release 36: (LP: #2112382)
    - api: display all available valid CVEs
    - attach: relax the onlySeries directive, so users can attach onlySeries
      tokens to all releases older than the target release
    - cli:
      + anbox-cloud: update installation instructions
      + collect-logs: do not overwrite the output file if it exists
      + cve/cves:
        * return all affected packages for a cve (LP: #2111610)
        * handle the case where the vulnerability data doesn't exist for the
          Ubuntu release
    - fips:
      + enable --access-only for all fips related services (GH: #3441)
      + allow enablement even when the -updates pocket is not available in the
        system (GH: #3439)

 -- Renan Rodrigo <renanrodrigo@xxxxxxxxxxxxx>  Fri, 06 Jun 2025
11:08:26 -0300

** Changed in: ubuntu-advantage-tools (Ubuntu Questing)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2111610

Title:
  Running the `pro cve` command returns an error for some CVEs

Status in ubuntu-advantage-tools package in Ubuntu:
  Fix Released
Status in ubuntu-advantage-tools source package in Xenial:
  Fix Committed
Status in ubuntu-advantage-tools source package in Bionic:
  Fix Committed
Status in ubuntu-advantage-tools source package in Focal:
  Fix Committed
Status in ubuntu-advantage-tools source package in Jammy:
  Fix Committed
Status in ubuntu-advantage-tools source package in Noble:
  Fix Committed
Status in ubuntu-advantage-tools source package in Oracular:
  Fix Committed
Status in ubuntu-advantage-tools source package in Plucky:
  Fix Committed
Status in ubuntu-advantage-tools source package in Questing:
  Fix Released

Bug description:
  [ Impact ]
  Running the `pro cve` command returns an error for some CVEs. For example:

  user@ubuntu-noble:~$ pro cve CVE-2022-49737
  An unexpected error occurred: Empty table not supported. Please provide headers or rows.
  For more details, see the log: /home/renan/.cache/ubuntu-pro/ubuntu-pro.log
  If you think this is a bug, please run: ubuntu-bug ubuntu-advantage-tools

  That happens because the function that gets the affected binary packages is returning too early.
  It checks for all binaries in the first source package referenced in the CVE, when it should be checking
  for all binaries in all source packages.

  As a result, if the first source package referenced in the CVE has no binaries affected, the list of packages
  ends up empty, and the "Empty table not supported" is raised.

  The fix is clear: only return when all source packages are processed.

  [ Test Plan ]
  There is a new integration test in the client code which covers a CVE which presents this behavior.
  - To ensure the feature work, this test should be executed.
  - To avoid regressions caused by this change, all other integration tests related to the CVEs command will also be executed.
  - All tests must pass.

  Unfortunately, there is no test coverage for all Ubuntu releases where the fix must land.
  Manual tests must be executed in particular releases to ensure the fix works.

  For those tests, we have identified the following problematic CVEs:
  - Xenial, Bionic, Focal - CVE-2023-20569
  - Jammy - CVE-2022-45885
  - Noble - CVE-2024-45341

  The steps are:
  - verify the error happens with the current version of the client
  - veryfy the error is gone with the proposed version of the client

  [ Where problems could occur ]
  The change makes the function return only after the loop through affected binaries finishes. If mistakes were made there, we would see regressions in the integration tests.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2111610/+subscriptions