=== arif-ali_ is now known as arif-ali === fauxpide is now known as fauxpride [19:33] pfsmorigo_, et al: hi! I saw https://ubuntu.com/security/notices/USN-5712-1 come in which says it fixed CVE-2022-35737. I then went to https://ubuntu.com/security/CVE-2022-35737 and see it isn't fixed anywhere. I then went to https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-35737 and see it is also not marked as released [19:33] -ubottu:#ubuntu-security- SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. [19:34] pfsmorigo_: I then wondered if esm data is being stored in UCT (I thought I recalled that it was). If so, I guess UCT just hasn't been updated yet... [19:37] ok, yes, eg active/CVE-2022-42012 has esm-infra/xenial_dbus: released (1.10.6-1ubuntu3.6+esm2) [19:37] -ubottu:#ubuntu-security- An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. [19:38] pfsmorigo_: nm, I answered my own question. Looks like UCT just hasn't been updated yet [19:42] https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa Thunderbird 102.4.1 in -proposed yet??!?