I'm trying to get a list of packages that are marked as having "security updates"
My base system is Ubuntu 14.04
For example, there is a script on Ubuntu 14.04 which will list number of updates available. The dynamic-ish motd uses it.
Running that with no args gives semicolon-separated output to stderr, e.g.:
$ /usr/lib/update-notifier/apt-check 60;11 <-- (this is actually standard error)
There are "human readable" and "package names" flags for this script. Great! But "package names" just dumps out the packages being updated, it doesn't put them into security/non-security piles.
How can I tell what's in the "security updates" bucket?
I've tried things like:
apt-get -s dist-upgrade | grep "^Inst" | grep -i security
That one isn't working for me.
I'm considering taking the apt-check script apart and re-using it, but I'd like to know if there's an existing facility to do what I want before I do that.
I ended up modifying the python script "/usr/lib/update-notifier/apt-check" and basically adding output to print the package details whenever that script did a check with the "isSecurityUpgrade()" function. (See that script for details)