Hi folks,

Whilst on front desk this week, I am noticing 23 packages that are of the status: "Issues fixed in buster and bookworm but not in bullseye".

In my opinion, this is problematic as those who will be upgrading from buster -> bullseye will see it as a regression, as they'll now be vulnerable once again. Should we not be proactively dealing with such issues?

Sorry if this was raised earlier, but I see it as a bit odd & problematic. Let me know what y'all think.

...and this naturally serves as a reminder: please fix CVEs that you plan to publish a DLA for via -pu or DSA for the currently supported releases, otherwise we'll be in this same situation.

P.S. I'm happy to work on most of these issues myself as I triage them, but I just want to see how (strongly) we feel about them.

- u
