Hi Craig, On Sat, Apr 17, 2021 at 08:32:35AM +1000, Craig Small wrote: > Should CVE-2021-29447 [1] be also listed against this bug? I'll be putting > it in the changelog.
I choosed to explicitly cover only CVE-2021-29450 with this bug because CVE-2021-29447 while fixed as well with 5.7.1, is only a problem with PHP8, which is not the default version for bullseye/sid. But clearly if you fix the issues by updating to 5.7.1 then by all means yes list as well CVE-2021-29447 in the changelog entry. Thanks for your work! Salvatore