When will CVE message stop showing?

Question

I'm still receiving the following upon sudo apt upgrade:

# Canonical released microcode updates for both Intel (CVE-2022-40982) and AMD
# (CVE-2023-20593). ‘Unattended upgrades’ provide security updates by default.
# Ensure it remains enabled to always get all updates as they become available.

But:

$ pro fix CVE-2022-40982
CVE-2022-40982: Linux kernel (BlueField) vulnerabilities
 - https://ubuntu.com/security/CVE-2022-40982
1 affected source package is installed: intel-microcode
(1/1) intel-microcode:
A fix is available in Ubuntu standard updates.
The update is already installed.
✔ CVE-2022-40982 is resolved.

and:

$ pro fix CVE-2023-20593
CVE-2023-20593: Linux kernel (BlueField) vulnerabilities
 - https://ubuntu.com/security/CVE-2023-20593
1 affected source package is installed: amd64-microcode
(1/1) amd64-microcode:
A fix is available in Ubuntu standard updates.
The update is already installed.
✔ CVE-2023-20593 is resolved.

score 14 · Answer 1 · answered Nov 16 '23 at 16:34

Short answer: When Canonical decides to post another message. And since we're not Canonical, we can't know.

This is "APT News", basically meaning Canonical decided to turn the APT output into an infomercial, unless you disable it (as stated in this Q&A).

When will CVE message stop showing?

1 Answers1