Since February 2024, Linux Kernel CVEs have been assigned and published
by people at kernel.org.

Their understanding of a CVE sadly differs from the commonly accepted
CVE standards, especially regarding selection criteria, vulnerability
descriptions, and severity evaluation.

Due to this policy and methodology change, the Linux Kernel world
receives approximately 120 CVEs monthly. This used to be around 15 until
January 2024.

We, the Kernel Security Squad here at Canonical, are always working hard
to fix any significantly important CVE within an acceptable timeframe;
however, due to the sheer number of incoming CVEs, we have to postpone
some and prioritize others, even though they seem to have equal CVSS.
(Two Mediums can differ greatly from each other due to configuration
changes in Ubuntu).

I assure you that we will carefully evaluate the list of CVEs you shared
and act accordingly; however, it would be impossible for me to propose
an ETA right now.

Thank you for your understanding.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2083312

Title:
  linux-libc-dev package has vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2083312/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
