group.of.nepali.translators team mailing list archive

[Bug 2111610] Re: Running the `pro cve` command returns an error for some CVEs

 

This bug was fixed in the package ubuntu-advantage-tools -
36ubuntu0~20.04

---------------
ubuntu-advantage-tools (36ubuntu0~20.04) focal; urgency=medium

  * Backport 36ubuntu0 to focal (LP: #2112382)

ubuntu-advantage-tools (36ubuntu0) questing; urgency=medium

  * d/apparmor/ubuntu_pro_esm_cache.jinja2: use openssl abstraction in the
    apparmor profile
  * New upstream release 36: (LP: #2112382)
    - api: display all available valid CVEs
    - attach: relax the onlySeries directive, so users can attach onlySeries
      tokens to all releases older than the target release
    - cli:
      + anbox-cloud: update installation instructions
      + collect-logs: do not overwrite the output file if it exists
      + cve/cves:
        * return all affected packages for a cve (LP: #2111610)
        * handle the case where the vulnerability data doesn't exist for the
          Ubuntu release
    - fips:
      + enable --access-only for all fips related services (GH: #3441)
      + allow enablement even when the -updates pocket is not available in the
        system (GH: #3439)

 -- Renan Rodrigo <renanrodrigo@xxxxxxxxxxxxx>  Tue, 24 Jun 2025
09:20:07 -0300

** Changed in: ubuntu-advantage-tools (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2111610

Title:
  Running the `pro cve` command returns an error for some CVEs

Status in ubuntu-advantage-tools package in Ubuntu:
  Fix Released
Status in ubuntu-advantage-tools source package in Xenial:
  Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
  Fix Released
Status in ubuntu-advantage-tools source package in Focal:
  Fix Released
Status in ubuntu-advantage-tools source package in Jammy:
  Fix Released
Status in ubuntu-advantage-tools source package in Noble:
  Fix Released
Status in ubuntu-advantage-tools source package in Oracular:
  Fix Released
Status in ubuntu-advantage-tools source package in Plucky:
  Fix Released
Status in ubuntu-advantage-tools source package in Questing:
  Fix Released

Bug description:
  [ Impact ]
  Running the `pro cve` command returns an error for some CVEs. For example:

  user@ubuntu-noble:~$ pro cve CVE-2022-49737
  An unexpected error occurred: Empty table not supported. Please provide headers or rows.
  For more details, see the log: /home/renan/.cache/ubuntu-pro/ubuntu-pro.log
  If you think this is a bug, please run: ubuntu-bug ubuntu-advantage-tools

  That happens because the function that gets the affected binary packages is returning too early.
  It checks for all binaries in the first source package referenced in the CVE, when it should be checking
  for all binaries in all source packages.

  As a result, if the first source package referenced in the CVE has no binaries affected, the list of packages
  ends up empty, and the "Empty table not supported" error is raised.

  The fix is clear: only return when all source packages are processed.

  [ Test Plan ]
  There is a new integration test in the client code which covers a CVE which presents this behavior.
  - To ensure the feature works, this test should be executed.
  - To avoid regressions caused by this change, all other integration tests related to the CVEs command will also be executed.
  - All tests must pass.

  Unfortunately, there is no test coverage for all Ubuntu releases where the fix must land.
  Manual tests must be executed in particular releases to ensure the fix works.

  For those tests, we have identified the following problematic CVEs:
  - Xenial, Bionic, Focal - CVE-2023-20569
  - Jammy - CVE-2022-45885
  - Noble - CVE-2024-45341

  The steps are:
  - verify the error happens with the current version of the client
  - verify the error is gone with the proposed version of the client

  [ Where problems could occur ]
  The change makes the function return only after the loop through affected binaries finishes. If mistakes were made there, we would see regressions in the integration tests.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2111610/+subscriptions
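
The early return described in the bug report, reproduced as an added Python example (not code from ubuntu-advantage-tools). The function names, the data layout and the sample CVE record are hypothetical and constructed for illustration.

```python
# Added illustration: names and data layout are hypothetical, not the
# project's own code. SAMPLE_CVE is constructed sample data.
SAMPLE_CVE = {
    "id": "CVE-0000-0000",  # placeholder identifier
    "source_packages": [
        # First source package: nothing installed is affected.
        {"name": "src-a", "binaries": {"liba1": "not-affected"}},
        # Second source package: one installed binary is affected.
        {"name": "src-b", "binaries": {"libb1": "vulnerable",
                                       "libb-dev": "vulnerable"}},
    ],
}
INSTALLED = {"liba1", "libb1"}  # constructed set of installed binaries


def _affected_in(src, installed):
    return [(src["name"], b) for b, status in src["binaries"].items()
            if b in installed and status == "vulnerable"]


def affected_binaries_buggy(cve, installed):
    """Returns after the first source package, as the report describes."""
    affected = []
    for src in cve["source_packages"]:
        affected.extend(_affected_in(src, installed))
        return affected  # bug: return sits inside the loop
    return affected


def affected_binaries_fixed(cve, installed):
    """Returns only after every source package has been processed."""
    affected = []
    for src in cve["source_packages"]:
        affected.extend(_affected_in(src, installed))
    return affected


def render_table(rows):
    """Stand-in for a table renderer that rejects empty input."""
    if not rows:
        raise ValueError("Empty table not supported.")
    return "\n".join(f"{src:<8}{binary}" for src, binary in rows)


if __name__ == "__main__":
    print(render_table(affected_binaries_fixed(SAMPLE_CVE, INSTALLED)))
    try:
        render_table(affected_binaries_buggy(SAMPLE_CVE, INSTALLED))
    except ValueError as exc:
        print("buggy path:", exc)
```

A caller still needs a path for a legitimately empty result, since a CVE may affect no installed binaries at all.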