Hi, does anyone know why CVE-2023-5217 (critical vp8 encoder bug) is rated as an "open unimportant issue" for firefox-esr? Currently it is not fixed in bookworm and newer [1]. Mozilla itself rates it as "critical" [2].
[1] https://security-tracker.debian.org/tracker/source-package/firefox-esr [2] https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/ hede