Am Tue, Apr 09, 2024 at 10:01:11AM +0200 schrieb Andreas Beckmann:
> Package: release.debian.org
> Severity: normal
> Tags: bullseye
> User: release.debian....@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: Bastien Roucariès <ro...@debian.org>
> Control: affects -1 + src:json-smart
> Control: block 1039985 with -1
> Control: block 1033474 with -1
>
> [ Reason ]
> Two CVEs were fixed in buster-lts, but not yet in bullseye or later,
> causing version skew on upgrades:
CVE-2023-1370 / #1033474 is unfixed in sid, and being fixed in unstable
is a pre condition for a point update.
Bastien, since you fixed it in buster-lts, can you please also take care
of addressing unstable?
Cheers,
Moritz
