Ubuntu Server LTS releases are completely supported by both Canonical and the community for five years.
"Support" means that the release will continue to receive updates, including bug fixes and security patches.
Ubuntu Server 20.04 will be fully supported until April 2025.
While it is recommended to migrate to a new release before community support ends, you can sign up for a ESM or Ubuntu Pro subscription that will allow you to continue getting critical security updates and bug fixes for at least another five years until April 2030.
We at Ask Ubuntu are generally unable to answer specific questions pertaining to unreleased software still in development, whether they are new features, bugfixes, or security patches.
Generally speaking, bug fixes and security vulnerabilities are triaged based on how serious they are and how many people they affect.
If it seems that it is taking a very long time for a CVE to be patched, it's likely that the CVE simply doesn't affect many people, or it's just not that big of a deal. If a major security flaw is recognized and determined to be a really serious issue, it will have high priority and be patched as soon as possible.
If at any time you would like to know the details or current status of any CVE, you should reference the CVE tracker.
Here are all of the details about CVE 2020-15778
The developer notes are as follows:
mdeslaur:
the upstream OpenSSH project will not be fixing this issue as
it may result in breaking existing workflows. As such, we will
not be fixing this issue in Ubuntu.
seth-arnold:
openssh-ssh1 is provided for compatibility with old devices that
cannot be upgraded to modern protocols. Thus we may not provide security
support for this package if doing so would prevent access to equipment.
Based on the CVE tracker and developer notes, this is not going to be fixed because it can't be fixed. However it is implied that it's not a relevant problem as long as you aren't using old devices that are incapable of being upgraded to modern security protocols.
