CVEs related to bugs in Ubuntu CVE Tracker

Open bugs

Bug	CVE(s)
Bug #1880992: check-cves should compute and display CVSS score for triage	CVE-2020-10134
Ubuntu CVE Tracker	Fix committed (unassigned)
Bug #2012327: check-cves handles esm-apps incorrectly when a fix landed before the devel release	CVE-2021-46877
Ubuntu CVE Tracker	Fix committed by Alex Murray
Bug #2028915: cve_lib: priority reason change is brittle	CVE-2023-3269
Ubuntu CVE Tracker	New (unassigned)
Bug #2046195: seems CVE-2023-2953 is not fixed in openldap 2.4.49+dfsg-2ubuntu1.9	CVE-2023-2953
Ubuntu CVE Tracker	Confirmed (unassigned)
Bug #2054762: incorrect CVSS attribution to NVD	CVE-2024-20952
Ubuntu CVE Tracker	New (unassigned)
Bug #2054766: update upstream source reference for CVE data	CVE-2023-49285
Ubuntu CVE Tracker	New (unassigned)

Resolved bugs

Bug	CVE(s)
Bug #1658759: oscap with com.ubuntu.xenial.cve.oval.xml wrongly reports many unpatched (and unknown) non-installed packages on Ubuntu Xenial 16.04.1 LTS	CVE-2015-5180
Ubuntu CVE Tracker	Fix released (unassigned)
Bug #1763905: mruby contained a security bug that was fixed upstream	CVE-2018-10191
Ubuntu CVE Tracker	Fix released (unassigned)
Bug #1834439: designated object in OVAL definition may be wrong	CVE-2019-11477
Ubuntu CVE Tracker	Opinion (unassigned)
Bug #1869918: Found an escape character in the closing description tag that corrupts the xml.	CVE-2017-15095 CVE-2017-7525
Ubuntu CVE Tracker	Fix released (unassigned)
Bug #1878917: Public date and copyright year missing for CVE-2020-1945 in OVAL	CVE-2020-12662 CVE-2020-12663
Ubuntu CVE Tracker	Fix released (unassigned)