[16:39] <xevious> Ubuntu 20.04 currently has grub packages with two different versions (2.04 and 2.06).  I see that some packages were updated to 2.06 for this CVE: https://ubuntu.com/security/notices/USN-6355-1 - however,  the source package was not updated on LaunchPad.  Where is the source for the updated 2.06 packages? Why was a nonstandard process used for this update? Normally,  I would have expected the fixes to be backported into 20.04's grub 2.04 package,  
[16:39] <xevious> not for 2.06 packages to be added to 20.04's repos.  If this nonstandard process was used,  why weren't all grub packages updated to 2.06?