[22:16] <luis220413> I found another CVE OVAL false positive. In my Ubuntu 20.04 system, I am using the kernel in the linux source package (5.4 series), that was marked as fixed for CVE-2022-32250 on July 13 (UTC). I ran the scan on July 19 (also UTC).
[22:18] <luis220413> * In one of my Ubuntu 20.04 systems
[22:26] <luis220413> Please remove the jquery source package from the entry for CVE-2022-31147 in the Ubuntu CVE Tracker because that package does not contain the jQuery Validation Plugin.
[22:26] <luis220413> Does Ubuntu provide a package for this jQuery plugin?
[22:27] <tsimonq2> https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-31147
[22:28] <sarnold> luis220413: re the oval, did you reboot into a fixed kernel?
[22:29] <luis220413> sarnold: I always reboot after receiving a kernel update.
[22:32] <luis220413> The source package links on packages.ubuntu.com link to files in archive.ubuntu.com, which is HTTP-only (problematic in Firefox's HTTPS-Only Mode).
[22:35] <luis220413> tsimonq2: There is no jQuery Validation Plugin package in Ubuntu. So all packages should be removed from these two CVEs (not the kernel one).
[22:35] <luis220413> sarnold: ^
[22:35] <luis220413> Wait, currently testing 18.04, 22.04 and 22.10.
[22:35] <luis220413> *Kinetic
[23:00] <luis220413> sarnold: Confirmed. Please remove all packages from CVE-2021-43306 and CVE-2022-31147 in the Ubuntu CVE Tracker.
[23:12] <luis220413> I will leave now but will see your replies in the logs for this channel.