Then if 'apt' nor 'landscape' can't have viable change. The only other workaround I can think of would be to modify the way USN database pickle works to include dependencies for package with USN vulnerability to avoid this situation like this at least for dependencies within the same source package.
Example : In this case, if instead of only flagging systemd, the USN was also flagging libsystemd0 (part of the same source package) the problem wouldn't have happen. I would like to have security thought about this ? - Eric ** Summary changed: - apt behaviour when package version -gt in -update than -security with strict dependencies rules + apt behaviour when package version -gt in -updates than -security with strict dependencies rules ** Summary changed: - apt behaviour when package version -gt in -updates than -security with strict dependencies rules + apt behaviour when package with strict dependencies rules and version -gt in -updates than -security. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1788486 Title: apt behaviour when package with strict dependencies rules and version -gt in -updates than -security. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1788486/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
