FS#69660 - [arch-audit] -t reports non-existent [testing] packages
Attached to Project:
Community Packages
Opened by mpan (mpan) - Tuesday, 16 February 2021, 16:40 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 17 February 2021, 12:34 GMT
Opened by mpan (mpan) - Tuesday, 16 February 2021, 16:40 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 17 February 2021, 12:34 GMT
|
Details
Description:
python-cryptography and python2-cryptography are affected by CVE-2020-36242. `arch-audit -t` reports both packages as available in [testing] (as ≥3.4-1), yet only python-cryptography is available in [testing]. It seem split packages are reported wrong. Additional info: * arch-audit 0.1.16-1 * tested wth python{,2}-cryptography 3.3.1-1 installed. The output of `arch-audit -t`: […] python-cryptography is affected by incorrect calculation. Medium risk! Update to at least3.4-1 from the testing repos! python2-cryptography is affected by incorrect calculation. Medium risk! Update to at least3.4-1 from the testing repos! […] |
This task depends upon
Closed by Levente Polyak (anthraxx)
Wednesday, 17 February 2021, 12:34 GMT
Reason for closing: Not a bug
Additional comments about closing: fixed in the tracked data
Wednesday, 17 February 2021, 12:34 GMT
Reason for closing: Not a bug
Additional comments about closing: fixed in the tracked data
Comment by
Levente Polyak (anthraxx) -
Wednesday, 17 February 2021, 12:33 GMT
this is a problem with the tracked data, not arch-audit. the
package has been removed from split packages but the old one
remained in the same AVG group. tracking data is wrong and should
be reporter in #archlinux-security