Snap Store Server

  1. Bug #1989431
  2. Activity log

Activity log for bug #1989431

Date Who What changed Old value New value Message
2022-09-13 08:45:00 Alan Griffiths bug added bug
2022-09-13 08:45:24 Alan Griffiths description I maintain a number of snaps and regularly receive messages about packages that have been updated in the Ubuntu Archive, typically because of a USN. Since early August these messages have referred to store revisions that have been superseded. https://forum.snapcraft.io/t/outdated-contains-outdated-ubuntu-packages/31205 > Here's an example from 2022-09-13: > > A scan of this snap shows that it was built with packages from the Ubuntu > archive that have since received security updates. The following lists new > USNs for affected binary packages in each snap revision: > > Revision r108 (amd64; channels: edge) > * libtiff5: 5523-2 > > Revision r109 (arm64; channels: edge) > * libtiff5: 5523-2 > > Revision r110 (armhf; channels: edge) > * libtiff5: 5523-2 > > Simply rebuilding the snap will pull in the new security updates and > resolve this. If your snap also contains vendored code, now might be a > good time to review it for any needed updates. > > Thank you for your snap and for attending to this matter. > > References: > * https://ubuntu.com/security/notices/USN-5523-2/ “Revision r108” was superseded on 20 July. It would appear that the notification messages are being generated from outdated information about the snaps. I maintain a number of snaps and regularly receive messages about packages that have been updated in the Ubuntu Archive, typically because of a USN. Since early August these messages have referred to store revisions that have been superseded. https://forum.snapcraft.io/t/outdated-contains-outdated-ubuntu-packages/31205 Here's an example from 2022-09-13: > A scan of this snap shows that it was built with packages from the Ubuntu > archive that have since received security updates. The following lists new > USNs for affected binary packages in each snap revision: > > Revision r108 (amd64; channels: edge) > * libtiff5: 5523-2 > > Revision r109 (arm64; channels: edge) > * libtiff5: 5523-2 > > Revision r110 (armhf; channels: edge) > * libtiff5: 5523-2 > > Simply rebuilding the snap will pull in the new security updates and > resolve this. If your snap also contains vendored code, now might be a > good time to review it for any needed updates. > > Thank you for your snap and for attending to this matter. > > References: > * https://ubuntu.com/security/notices/USN-5523-2/ “Revision r108” was superseded on 20 July. It would appear that the notification messages are being generated from outdated information about the snaps.