> Since the MIR is specifically for Groovy onwards, does the CVE really need to be fixed in Focal?
Since Focal is a LTS, is would seem preferable to fix the CVE there; however you are right it's not required for this MIR. Additionally since fwupd version in Focal is before libjcat was split off, fixing the CVE in libjcat in Focal is not as relevant, since the CVE is fixed in fwupd in Focal, and nothing else appears to use libjcat in Focal. So I agree, the CVE doesn't need to be fixed in Focal for this MIR. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1884003 Title: [MIR] libjcat To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjcat/+bug/1884003/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
