Comment 0 for bug 2072677

Dagmawi Biru (dagbiru) wrote :

OS: Ubuntu 22.04
ubuntu-advantage version: 32.3.1~22.04

Problem:
Running "apt dist-upgrade" shows a MOTD message for a CVE that's already been patched on the host:

--------
➜ ~ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
#
# OpenSSH CVE-2024-6387 fix is available for all affected Ubuntu releases.
# RegreSSHion: Possible RCE Due To A Race Condition In Signal Handling.
# For more details see: https://ubuntu.com/blog/ubuntu-regresshion-security-fix
#
The following packages have been kept back:
--------

Looking into the aptnews.json where this is pulled from (querying https://motd.ubuntu.com/aptnews.json),
we see that there is selector logic matching versions below 1:8.9p1:
--------

"begin": "2024-07-03T00:00:00Z",
"selectors": {
    "codenames": ["jammy"],
    "packages": [
        ["openssh-server", "<", "1:8.9p1-3ubuntu0.10"]
--------

But this host already satisfies this version:
--------

ii openssh-server 1:8.9p1-3ubuntu0.10
--------

So something seems to be off in the selector comparison logic being used.
This is only shown on "apt dist-upgrade" from what I've seen, but I don't know if this is the only way to trigger this.