Hello Salvatore!
Those updates were already prepared by Florian Weimer, but we need someone using it to actually test the updates as it includes other CVE fixes (namely CVE-2021-36740). If you are interested to test (yet unofficial) debs, let us know, this might speed up a bit the DSA release ;-)
I'm not sure how to exploit this two flaws - so I probably can't verify if the updates by Florian are then ultimately fixing the security-issues. But I can verify that the updated software-packages would basically work on some real-life systems. If that would already help you - feel free to share :)
Regards, Andreas
