Am Thu, Oct 20, 2022 at 11:28:22PM -0300 schrieb David da Silva Polverari: > Hi, > > I adjusted the affected versions in the BTS, but I couldn't find any > patch for it. The reference to buffer overflows seem related to > CVE-2020-27818, so I wonder whether it is a duplicate or not. > > If it is, it was already closed in [1]. > > [1] CVE-2020-27818
Yeah, indeed, this seems to be a CVE assignment for a rather old version, so testing/sid are in fact fixed. But looking at the changelog, there's a few more security fixes between 2.3.0 (in stable) and 3.0.2 and since practically all changes are security-related I'll simply build 3.0.2 for bullseye-security. Cheers, Moritz