[19:33] <jdstrand> pfsmorigo_, et al: hi! I saw https://ubuntu.com/security/notices/USN-5712-1 come in which says it fixed CVE-2022-35737. I then went to https://ubuntu.com/security/CVE-2022-35737 and see it isn't fixed anywhere. I then went to https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-35737 and see it is also not marked as released
[19:33] -ubottu:#ubuntu-security- SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35737>
[19:34] <jdstrand> pfsmorigo_: I then wondered if esm data is being stored in UCT (I thought I recalled that it was). If so, I guess UCT just hasn't been updated yet...
[19:37] <jdstrand> ok, yes, e.g. active/CVE-2022-42012 has esm-infra/xenial_dbus: released (1.10.6-1ubuntu3.6+esm2)
[19:37] -ubottu:#ubuntu-security- An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42012>
[19:38] <jdstrand> pfsmorigo_: nm, I answered my own question. Looks like UCT just hasn't been updated yet
[19:42] <enyc> https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa Thunderbird 102.4.1 in -proposed yet??!?