We can use cog for testing that the CVEs are fixed, if necessary. Due to the exception in comment #18, I believe that this bug can go through the security sponsoring process.
The snap https://snapcraft.io/wpe-webkit-mir-kiosk has been installed/used recently by a substantial number of users (according to the "Where people are using" map) and uses an outdated version of WPE WebKit (2.30.5), but still later than the version currently in 20.04: https://gitlab.com/glancr/wpe-webkit- snap/-/blob/main/snap/snapcraft.yaml#L167 Please publish patched packages immediately. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1970779 Title: Upgrade to 2.36.3 for Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wpewebkit/+bug/1970779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs