Public bug reported:
[ Impact ]
Running the `pro cve` command returns an error for some CVEs. For example:

    user@ubuntu-noble:~$ pro cve CVE-2022-49737
    An unexpected error occurred: Empty table not supported. Please provide headers
    or rows.
    For more details, see the log: /home/renan/.cache/ubuntu-pro/ubuntu-pro.log
    If you think this is a bug, please run: ubuntu-bug ubuntu-advantage-tools

That happens because the function that gets the affected binary packages is
returning too early.
It checks for all binaries in the first source package referenced in the CVE,
when it should be checking for all binaries in all source packages.
As a result, if the first source package referenced in the CVE has no binaries
affected, the list of packages ends up empty, and the "Empty table not
supported" error is raised.
The fix is clear: only return when all source packages are processed.
[ Test Plan ]
There is a new integration test in the client code which covers a CVE which
presents this behavior.
- To ensure the feature works, this test should be executed.
- To avoid regressions caused by this change, all other integration tests
related to the CVEs command will also be executed.
- All tests must pass.
Unfortunately, there is no test coverage for all Ubuntu releases where the fix
must land.
Manual tests must be executed in particular releases to ensure the fix works.
For those tests, we have identified the following problematic CVEs:
- Xenial, Bionic, Focal - CVE-2023-20569
- Jammy - CVE-2022-45885
- Noble - CVE-2024-45341
The steps are:
- verify the error happens with the current version of the client
- verify the error is gone with the proposed version of the client
[ Where problems could occur ]
The change makes the function return only after the loop through affected
binaries finishes. If mistakes were made there, we would see regressions in the
integration tests.
** Affects: ubuntu-advantage-tools (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2111610
Title:
Running the `pro cve` command returns an error for some CVEs
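
The early-return pattern described in the report, next to the corrected loop, as an added example (not the ubuntu-advantage-tools code). The function names, the CVE data layout, the placeholder CVE id and the renderer are all assumptions made for illustration; the sample data is constructed.

```python
# Added illustration; names and data layout are assumptions, not the client's code.

# Constructed sample: a CVE referencing two source packages. The first one has
# no affected binaries installed on this machine; the second one does.
SAMPLE_CVE = {
    "id": "CVE-0000-0000",  # placeholder identifier
    "source_packages": [
        {"name": "src-a", "binaries": ["liba1", "liba-dev"]},
        {"name": "src-b", "binaries": ["libb1", "b-tools"]},
    ],
}
INSTALLED = {"libb1", "b-tools", "unrelated"}


def affected_binaries_buggy(cve, installed):
    """Pattern from the report: the return sits inside the outer loop."""
    affected = []
    for source in cve["source_packages"]:
        for binary in source["binaries"]:
            if binary in installed:
                affected.append((source["name"], binary))
        return affected  # returns after the first source package only
    return affected


def affected_binaries_fixed(cve, installed):
    """Return only after every source package has been processed."""
    affected = []
    for source in cve["source_packages"]:
        for binary in source["binaries"]:
            if binary in installed:
                affected.append((source["name"], binary))
    return affected


def render_table(rows):
    """Hypothetical renderer that rejects empty input, as in the reported error."""
    if not rows:
        raise ValueError("Empty table not supported")
    width = max(len(src) for src, _ in rows)
    return "\n".join(f"{src.ljust(width)}  {binary}" for src, binary in rows)


if __name__ == "__main__":
    print(render_table(affected_binaries_fixed(SAMPLE_CVE, INSTALLED)))
```

A regression test for this class of bug needs a CVE whose first source package contributes no rows, which matches the kind of CVE the test plan calls for.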