Security updates pending even with unattended-upgrades on Debian

I installed a few days ago the unattended-upgrades package to install automatically the security updates on my debian 8 system. I notice when I run :

poiuytrez@xxx:/var/log/unattended-upgrades$ apt-get -s dist-upgrade |grep "^Inst" |grep -i securi
Inst curl [7.38.0-4+deb8u2] (7.38.0-4+deb8u3 Debian-Security:8/stable [amd64]) []
Inst libcurl3 [7.38.0-4+deb8u2] (7.38.0-4+deb8u3 Debian-Security:8/stable [amd64])
Inst libcurl3-gnutls [7.38.0-4+deb8u2] (7.38.0-4+deb8u3 Debian-Security:8/stable [amd64])
Inst libfuse2 [2.9.3-15+deb8u1] (2.9.3-15+deb8u2 Debian-Security:8/stable [amd64])

poiuytrez@xxx:/var/log/unattended-upgrades$ apt-get -s dist-upgrade |grep "^Inst" |grep -i securi

Inst curl [7.38.0-4+deb8u2] (7.38.0-4+deb8u3 Debian-Security:8/stable [amd64]) []

Inst libcurl3 [7.38.0-4+deb8u2] (7.38.0-4+deb8u3 Debian-Security:8/stable [amd64])

Inst libcurl3-gnutls [7.38.0-4+deb8u2] (7.38.0-4+deb8u3 Debian-Security:8/stable [amd64])

Inst libfuse2 [2.9.3-15+deb8u1] (2.9.3-15+deb8u2 Debian-Security:8/stable [amd64])

​

That I have a few security updates pending. What’s wrong with my configuration?

Answer

You need either /etc/apt/apt.conf.d/20auto-upgrades or /etc/apt/apt.conf.d/02periodic and they must contain lines APT::Periodic::Update-Package-Lists "1"; and APT::Periodic::Unattended-Upgrade "1";.

Run (as root) dpkg-reconfigure -plow unattended-upgrades to create /etc/apt/apt.conf.d/20auto-upgrades if it’s missing.

If it still isn’t working check /etc/cron.daily/apt

NOTE: Why are you testing with dist-upgrade?! apt-get -s upgrade will tell you if their are dist-upgrades available e.g (something like:) x packages available but not upgraded (they are very unusual for security patches).

Ref: /usr/share/doc/unattended-upgrades/README.md.gz