CVE-2022-23943 is resolved in apache2_2.4.53, but buster-backports currently only has 2.4.52-1~bpo10+1. Is there a plan to backport .53 to buster? I notice that it was submitted on March 19, but then rejected several days later. apache2_2.4.53-2~bpo10+1_sourceonly.changes ACCEPTED into buster-backports->backports-policy (debian.org) apache2_2.4.53-2~bpo10+1_sourceonly.changes REJECTED (debian.org) Has this effort been abandoned, or only delayed?
Regards, David Eoll