Comment 8 for bug 1031680

I've reported this upstream, since I don't see that this bug will get fixed any other way: https://sourceforge.net/tracker/?func=detail&aid=3614595&group_id=29880&atid=397597

I'm dubious about calling this a security vulnerability. I can see your logic, but this bug's root cause is the fundamental design of check_apt (fragile apt-get simulation parsing) causing it to not work for security purposes at all. I'd love to see this fixed, but it might be better to just write an entirely separate plugin based on calling /usr/lib/update-notifier/apt-check instead. In that case, it might be better to just say that check_apt is unsuitable for detecting security updates on Ubuntu, and what you really have is a wishlist bug for a different plugin that *is* capable of it. Since /usr/lib/update-notifier/apt-check is machine readable, such an alternative plugin could be about five lines of shell. I have asked if such a contribution would be welcome in the upstream bug.

Anyway, how to classify this bug isn't really going to change anything. I have asked upstream for comments on a suitable fix. A working interface to get the required information is available. We can follow whatever they decide to do.