After all it's said and done, we are talking about this issue:
https://security-tracker.debian.org/tracker/CVE-2019-9893
Reading that page there is a "No security issue by itself" comment, that
can tell you what priority the Debian security team attached to it.
Reading the bug I could see:
> The libseccomp v2.4.0 release fixes this problem, and should be a
> direct drop-in replacement for previous v2.x releases. Due the
> complexity, and associated risk, of backporting the fix to the v2.3.x
> release stream, I've made the difficult decision not to backport the
> fix.
So, well, just don't expect this to land in buster easily.
If anybody believe this is important, they should take it to #924646 and
probably talk with the Release Team.
I would say a CVE that is decided to not be fixed in the version present
in stable being fixed only in stable-backports where there is a whole
different version is not that surprising.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Attachment:
signature.asc
Description: PGP signature