Ubuntu vulnerable package marked as fixed but new version hadn't been released

[beaturmis]

Describe the bug
Bumped into a problem with UBUNTU-CVE-2024-38541 on July, 15 2025
Package linux was marked as fixed with version 5.15.0-144.157 in OSV.
But the fixed package version hadn't been released by Ubuntu at that moment. So there was a temporary inconsistency in OSV DB which led to providing false information about available fixes.

Expected behaviour
Information about fixed versions is provided only in case packages have been published to Ubuntu repositories.

Screenshots

OSV DB info with fixed version

Screenshot from Ubuntu CVE info page showing "Work in progress"

[jess-lowe]

Hi there, thanks for your interest in OSV's data quality! In this case, Ubuntu gives us their data directly, by publishing at this git repository. As such, Canonical (Ubuntu) will be the best place to contact about addressing this issue.
Thanks!