Am Tue, Apr 09, 2024 at 10:01:11AM +0200 schrieb Andreas Beckmann: > Package: release.debian.org > Severity: normal > Tags: bullseye > User: release.debian....@packages.debian.org > Usertags: pu > X-Debbugs-Cc: Bastien Roucariès <ro...@debian.org> > Control: affects -1 + src:json-smart > Control: block 1039985 with -1 > Control: block 1033474 with -1 > > [ Reason ] > Two CVEs were fixed in buster-lts, but not yet in bullseye or later, > causing version skew on upgrades:
CVE-2023-1370 / #1033474 is unfixed in sid, and being fixed in unstable is a pre condition for a point update. Bastien, since you fixed it in buster-lts, can you please also take care of addressing unstable? Cheers, Moritz