USNs notification service is sending emails to every revision uploader, even if the revision is not affected by the corresponding security notice
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
review-tools | Fix Released | Undecided | Unassigned | |
Bug Description
This was reported in the public forum https:/
The issue here is that review-tools is adding to the pkg_db "uploaders" every revision "uploader_email" https:/
Steps to reproduce: add a revision to ./tests/
$ PYTHONPATH=./ ./bin/snap-
From: Snap Store <email address hidden>
To: <affected revision uploader>, <email address hidden>
Bcc: <email address hidden>, <email address hidden>
Subject: 0ad was built with outdated Ubuntu packages
A scan of this snap shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected build packages in each snap revision:
Revision r11 (amd64; channels: stable, candidate, beta)
* snapcraft: 5501-1
Revision r12 (i386; channels: stable, candidate, beta)
* snapcraft: 5501-1
Revision r13 (amd64; channels: edge)
* snapcraft: 5501-1
Revision r14 (i386; channels: edge)
* snapcraft: 5501-1
Revision r15 (amd64; channels: edge)
* snapcraft: 5501-1
Revision r16 (i386; channels: edge)
* snapcraft: 5501-1
Simply rebuilding the snap will pull in the new security updates and
resolve this. If your snap also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your snap and for attending to this matter.
References:
* https:/
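A simplified model of the recipient-scoping problem described above, as an added example that is not review-tools code. Only `pkg_db`, `uploaders` and `uploader_email` come from the report; the record layout, function names, version comparison and notice data are assumptions made for illustration.

```python
# Constructed sample: a simplified store record (hypothetical layout).
SAMPLE_SNAP = {
    "name": "example-snap",
    "revisions": [
        {"revision": 11, "uploader_email": "alice@example.com",
         "build_packages": {"snapcraft": "4.0"}},
        {"revision": 12, "uploader_email": "bob@example.com",
         "build_packages": {"snapcraft": "7.0"}},
        {"revision": 13, "uploader_email": "carol@example.com",
         "build_packages": {}},
    ],
}

# Constructed notice data: package -> (placeholder notice id, first fixed version).
SAMPLE_NOTICES = {"snapcraft": ("0000-1", "5.0")}


def _ver(version):
    """Parse a dotted numeric version into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def affecting_notices(rev, notices):
    """Return {package: notice_id} for packages in rev older than the fix."""
    hits = {}
    for pkg, version in rev["build_packages"].items():
        if pkg in notices and _ver(version) < _ver(notices[pkg][1]):
            hits[pkg] = notices[pkg][0]
    return hits


def build_pkg_db(snap, notices, only_affected):
    """Build the per-snap record that the notification is generated from."""
    pkg_db = {"name": snap["name"], "uploaders": [], "revisions": {}}
    for rev in snap["revisions"]:
        hits = affecting_notices(rev, notices)
        if hits:
            pkg_db["revisions"][rev["revision"]] = hits
        # only_affected=False models the reported behaviour: every revision's
        # uploader is recorded. only_affected=True records the uploader only
        # when this revision actually has an applicable notice.
        if hits or not only_affected:
            email = rev["uploader_email"]
            if email not in pkg_db["uploaders"]:
                pkg_db["uploaders"].append(email)
    return pkg_db


def recipients(pkg_db):
    """Addresses to notify; nobody is mailed when no revision is affected."""
    return sorted(pkg_db["uploaders"]) if pkg_db["revisions"] else []
```

With the constructed data, the unscoped variant mails all three uploaders although only revision 11 is affected, while the scoped variant mails only that revision's uploader.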
Related branches
- Alex Murray: Approve
Diff: 131 lines (+71/-2)
4 files modified
reviewtools/store.py (+3/-1)
reviewtools/tests/test_store.py (+39/-1)
tests/test-rocks-store-unittest-1.db (+14/-0)
tests/test-store-unittest-1.db (+15/-0)
Changed in review-tools:
status: New → Confirmed
Changed in review-tools:
status: Confirmed → In Progress
Changed in review-tools:
status: In Progress → Fix Released