Am Thu, Oct 20, 2022 at 11:28:22PM -0300 schrieb David da Silva Polverari:
> Hi,
>
> I adjusted the affected versions in the BTS, but I couldn't find any
> patch for it. The reference to buffer overflows seem related to
> CVE-2020-27818, so I wonder whether it is a duplicate or not.
>
> If it is, it was already closed in [1].
>
> [1] CVE-2020-27818
Yeah, indeed, this seems to be a CVE assignment for a rather old
version, so testing/sid are in fact fixed.
But looking at the changelog, there's a few more security fixes
between 2.3.0 (in stable) and 3.0.2 and since practically all
changes are security-related I'll simply build 3.0.2 for
bullseye-security.
Cheers,
Moritz
