Eduardo Barretto

@PiRomant that is already part of the remediation and profile: https://github.com/ComplianceAsCode/content/blob/master/products/ubuntu2204/profiles/cis_level1_server.profile#L850 It probably just isn't part of version 0.1.73, it will land in the next one

if you need more information: https://github.com/ComplianceAsCode/content/pull/11968

/packit build

Closing this since it is a duplicate of #11904

As someone that does not have a view of the whole osv.dev machinery, I think the main question is, why would you want to combine CVE entries?

> > why would you want to combine CVE entries? > > The initial reason was that [Alpine SecDB](https://storage.googleapis.com/cve-osv-conversion/index.html?prefix=osv-output/) uses [CVE IDs ](https://security.alpinelinux.org/vuln/CVE-2024-6197)to publish their vulnerabilities. So, we created a...

> > > > why would you want to combine CVE entries? > > > > > > > > > The initial reason was that [Alpine SecDB](https://storage.googleapis.com/cve-osv-conversion/index.html?prefix=osv-output/) uses [CVE...

> > Thanks for clarifying it, and would the prefix also be necessary for the filename itself? or could we have a filename CVE-2024-0001.json and inside of it `id =...

> Hey @dodys, I have two questions about Ubuntu CVE OSV records ([ubuntu-security-notices](https://github.com/canonical/ubuntu-security-notices/tree/main)/[osv](https://github.com/canonical/ubuntu-security-notices/tree/main/osv)). First, I'm curious why some affected packages lack the [`ubuntu_priority`](https://git.launchpad.net/ubuntu-cve-tracker/tree/README#n257) field. This field is from the vulnerability...

I forgot to ask one thing Holly For the USN data, should we change the related field to refer to the `UBUNTU-CVE-...` or should we keep it as `CVE-...`?