Bug 1750528

Summary: "yum updateinfo list cves" does not list cves
Product: Red Hat Enterprise Linux 8 Reporter: jcastran
Component: dnfAssignee: Marek Blaha <mblaha>
Status: CLOSED ERRATA QA Contact: Luca Berton <lberton>
Severity: high Docs Contact:
Priority: high    
Version: 8.2CC: amatej, dbodnarc, emrakova, james.antill, jcoopman, lberton, lyndon.lapierre, mblaha, sujagtap
Target Milestone: rcKeywords: Triaged
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: dnf-4.2.16-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:48:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description jcastran 2019-09-09 19:44:22 UTC 
Description of problem:
RHEL 8 does not list CVEs when running "yum updateinfo list cves" This used to work in RHEL 7. 

Version-Release number of selected component (if applicable):
libdnf-0.22.5-4.el8.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1. yum updateinfo list cves

Actual results:
<nothing>

Expected results:
 CVE-201#-######   Important/Sec. rhel-8-package.arch

Additional info:
I didn't see this as an option upstream but I do see it as an option for Oracles' dnf if that helps.

   https://docs.oracle.com/cd/F12552_01/F19386/html/security-dnf.html
Comment 5 Marek Blaha 2019-11-05 06:49:03 UTC 
Here is the PR that fixes the problem: https://github.com/rpm-software-management/dnf/pull/1510
And here is the PR with tests: https://github.com/rpm-software-management/ci-dnf-stack/pull/659
Comment 12 errata-xmlrpc 2020-04-28 16:48:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1823