So I've been pondering Ubuntu's CVE priorities. Especially the medium priority.
https://people.canonical.com/~ubuntu...857.1661401159
https://ubuntu.com/blog/securing-ope...prioritisation
As far as I can tell the medium priority affects fewer users than the high or critical priorities and generally requires some user intervention. Maybe changing the default configuration or something. Have I got this right?
I guess what I'm particularly concerned about is the possibility that a package might receive a medium priority just because it has a relatively low number of users but the consequences might be severe and be easy to execute.
Apologies if this is a little too granular. It's just that I've thought I understood something from a distribution's documentation in the past only to find that I didn't and that I put myself at risk.