[17:15] <sdeziel> Looking at https://ubuntu.com/security/CVE-2021-3618, I'm assuming that 22.04 security patching is still catching up, is that right?
[17:21] <mdeslaur> it's rated "low", which we don't fix unless something more important comes up
[17:22] <mdeslaur> that being said, I guess we should fix it since it's fixed in other releases
[17:22] <mdeslaur> I'll take care of it
[17:22] <sdeziel> mdeslaur: agreed, I'm not concerned by that specific CVE, I just happened to remember nginx receiving an update in other releases
[17:22] <mdeslaur> it wasn't showing up in our list because of the "low" priority
[17:24] <mdeslaur> I just pinged litios who did the updates for the stable releases
[17:26] <sdeziel> mdeslaur: I guess my question should have been: Is there someone going through https://ubuntu.com/security/cves?q=&package=&priority=&version=jammy&status=needed and https://ubuntu.com/security/cves?q=&package=&priority=&version=jammy&status=needs-triage ?
[17:26] <sdeziel> thanks for the nginx one though :)
[17:27] <teward> mdeslaur: if you have a backported patch for the nginx one let me take it too 'cause i can shove it into the Debian repos for nginx (I have maintainer on Salsa for nginx now)
[17:27] <teward> (and i'm up to my neck in patching servers recently so if you do the work then I don't have to xD)
[17:29] <teward> thouhg, actually, i put 1.20.2 already in salsa, so that's already got the CVE fix I believe.
[17:31] <mdeslaur> sdeziel: jammy is now in our "cves we need to fix" report, so yes. _but_ in that particular case, it was a low so not being reported
[17:32] <sdeziel> mdeslaur: excellent, thank you!