[06:10] <ingvar> pfsmorigo: Adding the full patch set means you may just upgrade to the next minor release. The only change would be the name of the package.
[06:11] <ingvar> But as it suits you
[06:13] <ingvar> You may also cherry pick, and even edit the patches to remove the unnecessary stuff, like doc and changes. But it sounds a bit silly to do all that work instead of using the packaged and quality checked next minor release from upstream.
[06:23] <dikonoor> Hi, I am using Ubuntu 20.04 and I am looking for information on by when Ubuntu plans to release security fixes for these CVEs 1) https://ubuntu.com/security/CVE-2022-1012 2) 
[06:23] <dikonoor> https://ubuntu.com/security/CVE-2022-2327 3) 
[06:23] <dikonoor> https://ubuntu.com/security/CVE-2022-36946 4) 
[06:23] <dikonoor> https://ubuntu.com/security/CVE-2022-1280. These are all high.
[06:28] <amurray> dikonoor: these are all marked as Medium priority so this means they get included as part of the normal kernel team's SRU workflow - the kernel team does new kernel releases every 3 weeks and the next release is due on 29th August - so likely these should be included in that release
[06:31] <dikonoor> amurray: That's helpful. Thanks for your response. One question. I assume this means that the fixes will be available as part of the 5.4.0.* kernel version.
[06:33] <amurray> dikonoor: yes, as that is the kernel version that ships with Ubuntu 20.04 - also note that CVE 2022-2209 likely doesn't affect the 5.4 kernel but this still needs a more thorough investigation
[06:34] <dikonoor> amurray:Thanks for the confirmation
[06:43] <amurray> ugh sorry I meant 2022-2327