Rebuilding snap does not remove vulnerability


I got an e-mail from the store stating that my snap imap2gmail has old packages. Rebuilding the snap should resolve this. However, after rebuilding, I get messages that the new revisions still have the vulnerability.

As far as I can see, I don’t explicitly specify the versions of these packages, so they should simply update:

  • libpython2.7-minimal: 5342-2
  • libpython2.7-stdlib: 5342-2
  • python2.7: 5342-2
  • python2.7-minimal: 5342-2

The snap is based on core20 with the ‘python’ plugin. Full code is at

I have waited a few days (perhaps updates were not published), but after a few days the problem remains.

Any clue?

Thanks for pointing this out Alan.

Three things:

  1. I find it weird that the security update does not apply to a core20. The ESM kicks in after 5 years (that was at least my understanding), and that fixes would be included for first 5 years.
  2. The instructions are clearly wrong. Rebuilding will not solve the problem with the current setup.
  3. I don’t use Python2, but it is in the snap. Feels weird that it is in there.

I’ll write a comment on the

This is a brand new feature. Up to last week universe packages did never get security updates from canonical … with the introduction of the (free) pro option, you can now get additional security updates for 20000+ packages in universe …

It is a bug that is being solved currently, that the snap auto-builds are not integrated wit this yet…

1 Like

Thanks ogra! I’ll wait for the resolution!

  • Kristofer