Missing Updated Packages from Security Advisories

Open rhoy-tenable opened this issue 1 year ago • 1 comments

Describe the bug

Some security advisories are missing data in the Updated Packages Information section. As a result, it is not possible to determine which packages should be updated to mitigate the vulnerability.

==> ./Security-Update-3.0-302.md <==
==> ./Security-Update-4.0-675.md <==
==> ./Security-Update-3.0-79.md <==
==> ./Security-Update-3.0-140.md <==
==> ./Security-Update-5.0-268.md <==
==> ./Security-Update-3.0-193.md <==
==> ./Security-Update-3.0-313.md <==
==> ./Security-Update-1.0-261.md <==
==> ./Security-Update-1.0-241.md <==
==> ./Security-Update-3.0-6.md <==
==> ./Security-Update-3.0-33.md <==
==> ./Security-Update-5.0-131.md <==
==> ./Security-Update-1.0-234.md <==
==> ./Security-Update-3.0-26.md <==
==> ./Security-Update-1.0-277.md <==
==> ./Security-Update-3.0-773.md <==
==> ./Security-Update-4.0-608.md <==
==> ./Security-Update-4.0-589.md <==
==> ./Security-Update-1.0-267.md <==
==> ./Security-Update-3.0-676.md <==
==> ./Security-Update-1.0-223.md <==
==> ./Security-Update-1.0-276.md <==
==> ./Security-Update-1.0-242.md <==
==> ./Security-Update-3.0-389.md <==
==> ./Security-Update-3.0-680.md <==
==> ./Security-Update-4.0-250.md <==
==> ./Security-Update-3.0-748.md <==
==> ./Security-Update-4.0-592.md <==
==> ./Security-Update-3.0-305.md <==
==> ./Security-Update-1.0-248.md <==
==> ./Security-Update-4.0-405.md <==

Reproduction steps

  1. Clone wiki
  2. find . -type f -name "Security*.md" -exec tail -n1 -v {} \; | grep -B1 'Information' | grep 'Security'
  3. While there is probably a better way to find these files, this did work. These advisories are missing the Updated Packages Information.

Expected behavior

I expect all security advisories to have packages to update in order to mitigate the vulnerability.

Additional context

No response

rhoy-tenable, Sep 12 '24 13:09
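
The check from reproduction step 2, as an added example that is not part of the original issue or the Photon project: it reports advisories whose "Updated Packages Information" heading is followed only by blank lines, so trailing empty lines do not hide a match. It assumes the section is the last one in each file, as the `tail -n1` approach implies; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list advisories whose "Updated Packages Information"
# section has no content. Assumption: the section is the last one in the
# file, as the issue's `tail -n1` check implies.

# Succeeds if the section heading exists and only blank lines follow it.
section_is_empty() {
    awk '
        /Updated Packages Information/ { seen = 1; body = 0; next }
        seen && NF                     { body = 1 }   # any non-blank line
        END { exit !(seen && !body) }
    ' "$1"
}

# Print the path of each advisory under DIR with an empty section, sorted.
list_empty_advisories() {
    find "$1" -type f -name 'Security*.md' | sort | while IFS= read -r f; do
        if section_is_empty "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample wiki (file names and contents are made up for the demo).
make_sample_wiki() {
    dir=$(mktemp -d)
    # Section with a package entry: must not be reported.
    printf '# Advisory\n\n## Updated Packages Information\n- example-package 1.0-1\n' \
        > "$dir/Security-Update-9.0-1.md"
    # Heading is the last line: what the original tail/grep pipeline finds.
    printf '# Advisory\n\n## Updated Packages Information\n' \
        > "$dir/Security-Update-9.0-2.md"
    # Heading followed by blank lines only: missed by `tail -n1`.
    printf '# Advisory\n\n## Updated Packages Information\n\n   \n' \
        > "$dir/Security-Update-9.0-3.md"
    # Not an advisory file name: ignored by the find pattern.
    printf '# Notes\nInformation\n' > "$dir/README.md"
    printf '%s\n' "$dir"
}

# Run against a cloned wiki when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    list_empty_advisories "$1"
fi
```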

@rhoy-tenable the history information you are looking for is on older pages in revisions.

Example: For ./Security-Update-3.0-302.md, see e.g. revision page https://github.com/vmware/photon/wiki/Security-Update-3.0-302/cdae098fc5091ac015b8a7a4edb445072d512cbc

If I understood it correctly, if the information in 'Updated Packages Information' is empty, in the timeline there has been a 'feature' release and newer packages are not affected anymore by the issue.

dcasota, Sep 12 '24 14:09