On RHEL, PackageKit's [UpdateDetail signal](https://www.freedesktop.org/software/PackageKit/gtk-doc/Transaction.html#Transaction::UpdateDetail) has `bugzilla_urls` which confusingly are not just URLs, but include the bug title:
Details about the update:
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1500697, SELinux denies name_connect to mssql_port_t for tomcat_t [rhel-7.4.z], https://bugzilla.redhat.com/show_bug.cgi?id=1500813, keepalived 1.3.5 requires setpgid permission [rhel-7.4.z], https://bugzilla.redhat.com/show_bug.cgi?id=1513075, selinux inhibits pacemaker's logging policy [rhel-7.4.z]
This is rather confusing for API clients, as these need to be filtered out usually. It's not clear whether one can actually rely on the order here (first the bug URL, then the corresponding title).
Apparently these are being generated from the `title="..."` field in the _updateinfo XML, like this:
<reference href="https://bugzilla.redhat.com/show_bug.cgi?id=1500697" id="1500697" title="SELinux denies name_connect to mssql_port_t for tomcat_t [rhel-7.4.z]" type="bugzilla" />
This also affects cve_urls:
$ pkcon get-update-detail [...]
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-123456, CVE-2014-123456
We moved the upstream bugtracker to GitHub a long time ago. If this issue still affects you please re-create the issue here: https://github.com/hughsie/PackageKit/issues
Sorry for the impersonal message, and fingers crossed your issue no longer happens. Thanks.