View Issue Details

IDProjectCategoryView StatusLast Update
0000291AlmaLinux-8-OTHERpublic2022-08-09 09:30
Reporterap8 Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Platformx86_64OSAlmaLinuxOS Version8
Summary0000291: Errata entry missing for httpd
DescriptionAdvisory https://access.redhat.com/errata/RHSA-2022:5163 for CVE-2020-13950 is missing from AlmaLinux errata, but it is present in RockyLinux (https://errata.rockylinux.org/RLSA-2022:5163) and Oracle Linux (https://linux.oracle.com/errata/ELSA-2022-5163.html).
Steps To ReproduceIn RockyLinux:
<code>
[[email protected] ~]# dnf updateinfo --info --all --cve CVE-2020-13950
Last metadata expiration check: 1:23:17 ago on Sat 06 Aug 2022 11:23:52 UTC.
===============================================================================
  Low: httpd:2.4 security update
===============================================================================
  Update ID: RLSA-2022:5163
       Type: security
    Updated: 2022-07-07 20:12:43
       CVEs: CVE-2020-13950
Description: For more information visit https://errata.rockylinux.org/RLSA-2022:5163
   Severity: Low
  Installed: true
[[email protected] ~]#
</code>

In AlmaLimux:
<code>
[[email protected] ~]# dnf updateinfo --info --all --cve CVE-2020-13950
Last metadata expiration check: 1:25:21 ago on Sat 06 Aug 2022 11:20:58 UTC.

[[email protected] ~]#
</code>
TagsNo tags attached.
abrt_hash
URL

Activities

toracat

2022-08-08 23:15

reporter   ~0000656

Just an observation. The output on RHEL 8 looks similar to the one on Alma:

$ sudo dnf updateinfo --info --all --cve CVE-2020-13950
Updating Subscription Management repositories.
Last metadata expiration check: 0:26:50 ago on Mon 08 Aug 2022 03:35:41 PM PDT.

ap8

2022-08-09 09:30

reporter   ~0000657

Thanks @toracat.

I do not have access to a RHEL8 instance so I could not check before reporting the bug. I tried OracleLinux8 and that also behaves like AlmaLinux8 and RHEL8 (i.e. no output).

Nonetheless, I assume there may be something missing in AlmaLinux because if you search for `5163` in https://errata.almalinux.org/ you get nothing, but you get the advisory if you search for the same in RockyLinux (https://errata.rockylinux.org/) and RHEL (https://access.redhat.com/errata-search/#/?q=5163&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&portal_product=Red%20Hat%20Enterprise%20Linux&portal_product_version=8) errata pages.

Issue History

Date Modified Username Field Change
2022-08-06 12:57 ap8 New Issue
2022-08-08 23:15 toracat Note Added: 0000656
2022-08-09 09:30 ap8 Note Added: 0000657