This bug was fixed in the package ubuntu-advantage-tools - 36ubuntu0~24.10 --------------- ubuntu-advantage-tools (36ubuntu0~24.10) oracular; urgency=medium
* Backport 36ubuntu0 to oracular (LP: #2112382) ubuntu-advantage-tools (36ubuntu0) questing; urgency=medium * d/apparmor/ubuntu_pro_esm_cache.jinja2: use openssl abstraction in the apparmor profile * New upstream release 36: (LP: #2112382) - api: display all available valid CVEs - attach: relax the onlySeries directive, so users can attach onlySeries tokens to all releases older than the target release - cli: + anbox-cloud: update installation instructions + collect-logs: do not overwrite the output file if it exists + cve/cves: * return all affected packages for a cve (LP: #2111610) * handle the case where the vulnerability data doesn't exist for the Ubuntu release - fips: + enable --access-only for all fips related services (GH: #3441) + allow enablement even when the -updates pocket is not available in the system (GH: #3439) -- Renan Rodrigo <renanrodr...@canonical.com> Tue, 24 Jun 2025 09:20:14 -0300 ** Changed in: ubuntu-advantage-tools (Ubuntu Oracular) Status: Fix Committed => Fix Released ** Changed in: ubuntu-advantage-tools (Ubuntu Noble) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/2111610 Title: Running the `pro cve` command returns an error for some CVEs Status in ubuntu-advantage-tools package in Ubuntu: Fix Released Status in ubuntu-advantage-tools source package in Xenial: Fix Released Status in ubuntu-advantage-tools source package in Bionic: Fix Released Status in ubuntu-advantage-tools source package in Focal: Fix Released Status in ubuntu-advantage-tools source package in Jammy: Fix Released Status in ubuntu-advantage-tools source package in Noble: Fix Released Status in ubuntu-advantage-tools source package in Oracular: Fix Released Status in ubuntu-advantage-tools source package in Plucky: Fix Released Status in ubuntu-advantage-tools source package in Questing: Fix Released Bug description: [ Impact ] Running the `pro cve` command returns an error for some CVEs. For example: user@ubuntu-noble:~$ pro cve CVE-2022-49737 An unexpected error occurred: Empty table not supported. Please provide headers or rows. For more details, see the log: /home/renan/.cache/ubuntu-pro/ubuntu-pro.log If you think this is a bug, please run: ubuntu-bug ubuntu-advantage-tools That happens because the function that gets the affected binary packages is returning too early. It checks for all binaries in the first source package referenced in the CVE, when it should be checking for all binaries in all source packages. As a result, if the first source package referenced in the CVE has no binaries affected, the list of packages ends up empty, and the "Empty table not supported" is raised. The fix is clear: only return when all source packages are processed. [ Test Plan ] There is a new integration test in the client code which covers a CVE which presents this behavior. - To ensure the feature work, this test should be executed. - To avoid regressions caused by this change, all other integration tests related to the CVEs command will also be executed. - All tests must pass. Unfortunately, there is no test coverage for all Ubuntu releases where the fix must land. Manual tests must be executed in particular releases to ensure the fix works. For those tests, we have identified the following problematic CVEs: - Xenial, Bionic, Focal - CVE-2023-20569 - Jammy - CVE-2022-45885 - Noble - CVE-2024-45341 The steps are: - verify the error happens with the current version of the client - veryfy the error is gone with the proposed version of the client [ Where problems could occur ] The change makes the function return only after the loop through affected binaries finishes. If mistakes were made there, we would see regressions in the integration tests. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2111610/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp