907631 – Invalid XML if an errata spans more than 1 collection [satellite-6]

Bug 907631 - Invalid XML if an errata spans more than 1 collection [satellite-6]

Summary: Invalid XML if an errata spans more than 1 collection [satellite-6]

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Errata Management
Sub Component:
Version:	6.0.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	Unspecified
Assignee:	Katello Bug Bin
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:	887407
Blocks:	869077 1130651
TreeView+	depends on / blocked

Reported:	2013-02-04 21:35 UTC by Aaron Weitekamp
Modified:	2016-02-15 20:27 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	887407
Environment:
Last Closed:	2016-02-15 20:27:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 1 Aaron Weitekamp 2013-02-04 21:41:29 UTC

I'm seeing this in SystemEngine 1.1.2 puddle 2013-01-31.1

Example URL: http://qeblade40.rhq.lab.eng.bos.redhat.com/pulp/ks/redhat/Dev/content/dist/rhel/server/6/6Server/x86_64/os/updateinfo.xml

IRC snippet:
<jmatthews> aweiteka, the updateinfo.xml file is likely to be corrupted for clients who look at it
<jmatthews> it could break some yum plugins looking at security updates, bugfixes, etc


Might this be why Available Errata never displays?

Fixed upstream: http://yum.baseurl.org/gitweb?p=yum.git;a=commit;h=6e56ea6a6236dde080d60f091a7854d204825bd4

Comment 3 Aaron Weitekamp 2013-02-04 22:12:50 UTC

Confirmed CDN repo[1] is valid XML. The issue appears to be introduced in katello.

<jmatthews> aweiteka, I think the issue comes down to does systemEngine determine errata by looking at updateinfo.xml or by querying Pulp through API

The other impact would be to yum plugins such as yum-plugin-security

[1] http://download.lab.bos.redhat.com/devel/jgregusk/share/d267c7a02d6beac9559ee2d17570371346f9c2c4acae57ab4438f4bddd60cfcc-updateinfo.xml

Comment 4 Aaron Weitekamp 2013-02-05 20:41:53 UTC

Katello gets errata updates from a pulp api query. I used pulp-admin to confirm pulp is returning errata.

Reducing severity to medium. If admins use yum plugins to query katello updates would not be returned properly.

Comment 5 Kurt Seifried 2013-02-06 07:07:11 UTC

SRT is classifying this as security hardening and not a security flaw since there is no explicit way for an attacker to trigger this.

Comment 8 Michael Hrivnak 2016-02-15 20:20:49 UTC

Pulp hasn't used yum to parse or render errata in a long time, so this was likely fixed long ago.

Comment 9 Bryan Kearney 2016-02-15 20:27:44 UTC

This should no longer be an issue, closing it as UPSTREAM. If you are still seeing this issue, please feel free to re-open.

Note You need to log in before you can comment on or make changes to this bug.