CVE JSON: Package list for kernel entries is out of order #245
Description
For CVEs for kernel, which contains a lot of packages, it is expected that the packages order is preserved from what was sent to the API.
This has been causing confusions to our users that wants to look for the generic kernel, "linux" which should be the first on the list but is being placed in the middle of many other source packages.
Example:
in https://ubuntu.com/security/cves/CVE-2025-38352.json we have
"packages": [
{
"debian": "https://tracker.debian.org/pkg/linux-hwe",
"name": "linux-hwe",
...
{
"debian": "https://tracker.debian.org/pkg/linux",
"name": "linux",
...
while in the source of the information, https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2025-38352#n76, we can see that "linux" is the first package listed:
Patches_linux:
...
Patches_linux-hwe:
...
This is likely an issue on how the CVE is stored in the DB.
Can you please take a look at it?