I am trying to understand what is the activity corresponding to the fixes suggested by Intel security advisories relating to the processor/controller flaws. I took a glance at commit history and did grep "CVE" but there is nothing there.

Once the advisories are released by Intel, on average, what is the timeline to get them implemented on a general note. I understand coreboot is an open community project, but while working on one feature of coreboot, I would want to be sure that some of my friend in the community is taking of security issues.