Description
Some security updates aren't marked with the 'Security update' icon; instead, they use the 'Software update' icon. (I think it is the default.)
A specific example is libtpms package, version 0.9.3-0ubuntu4.24.04.1.
In the Changelog, the package update is marked as SECURITY UPDATE and the corresponding CVE is also written. But Update Manager uses the "Software update" icon and marks it as an available, regular update.
Screenshots
To Reproduce
Steps to reproduce the behavior:
- Refresh
- Click on
Changelogto see the discrepancy.
Expected behavior
Security updates should be marked with the 'Security update' icon.
Distribution:
- Linux Mint
- LMDE
- Other (please specify)
Software version:
mintUpdate 7.0.7
Logs:
2025.07.07@10:46 ++ Launching Update Manager
2025.07.07@10:46 ++ Initial refresh will happen in 0 day(s), 0 hour(s) and 10 minute(s)
2025.07.07@10:46 ++ Inhibited power management
2025.07.07@10:46 ++ Checking for updates
2025.07.07@10:46 ++ Found 1 software updates
2025.07.07@10:46 ++ Refresh finished
2025.07.07@10:46 ++ Resumed power management
Additional context
I think the reason is some security packages are published both to noble-updates and noble-security.
Maybe mintupdate uses the origin as -updates but does not consider the -security part:
mintupdate/usr/lib/linuxmint/mintUpdate/Classes.py
Lines 136 to 137 in 36e13f1
Specifically for libtpms: https://launchpad.net/ubuntu/+source/libtpms/0.9.3-0ubuntu4.24.04.1
$ apt update && apt list --upgradable
Listing... Done
libtpms0/noble-updates,noble-security 0.9.3-0ubuntu4.24.04.1 amd64 [upgradable from: 0.9.3-0ubuntu4]