[15:24] <fungi> anybody happen to know if there's any sru in progress for fixing CVE-2021-42096 and CVE-2021-42097 in focal's mailman package?
[15:25] <fungi> it got addressed in bionic and xenial last week
[15:40] <grimmware> amurray, sbeattie: hey, the cvescan json is still out of date meaning we're kinda flying blind on our system patching - is there an ETA for this getting fixed?
[16:17] <ebarretto> fungi, it is on our radar to patch it for focal, if I remember correctly we have some other cves to fix for it, but we are currently sprinting so we don't have a proper ETA, but it is in our radar for sure
[16:19] <fungi> ebarretto: oh, no worries, just checking whether it had fallen through the cracks. it's not urgent for me, i've just hand-patched the relevant files on our servers for the time being anyway
[16:20] <fungi> and thanks for the info!
[16:48] <grimmware> amurray, sbeattie: equally, if the downtime is due to bugs that are addressable by contributions from people outside of canonical I'm pretty sure we could probably dedicate some time to some patches
[16:49] <grimmware> (I appreciate that's probably a stretch but you never know until you ask)