Comment 4 for bug 2012327

Hey, thanks for landing the merge request. I do get slightly different sorting behavior than what you demonstrated; doing:

  rm active/CVE-2021-46877 && \
  unset CHECK_CVES_EXPERIMENTAL && \
  ./scripts/check-cves --cve CVE-2021-46877 nvdcve-1.1-2021.json

now nets me the following package section sort order:

Patches_jackson-databind:
upstream_jackson-databind: released (2.13.2.2-1)
trusty_jackson-databind: ignored (out of standard support)
trusty/esm_jackson-databind: needs-triage
esm-apps/xenial_jackson-databind: needs-triage
xenial_jackson-databind: ignored (out of standard support)
bionic_jackson-databind: needs-triage
esm-apps/bionic_jackson-databind: needs-triage
esm-apps/focal_jackson-databind: needs-triage
focal_jackson-databind: needs-triage
esm-apps/jammy_jackson-databind: needs-triage
jammy_jackson-databind: needs-triage
kinetic_jackson-databind: not-affected (2.13.2.2-1)
devel_jackson-databind: not-affected

note the difference for bionic. Do you have any idea what's happening there?