background: - the CVE involved seems to be an low impact one [1] - we never use fwupd + jcat 0.1.0-2 in any ubuntu release. given there are some other changes between 0.1.0 and 0.1.3, it's harder for us to tell if testing coverage is good enough or not given we didn't involve those signing designs and processes in lvfs.
[1] https://www.cvedetails.com/cve-details.php?cve_id=CVE-2020-10759 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10759 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1920724 Title: Upgrade focal/libjcat to version 0.1.3-2 and MIR it To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1920724/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
