The CVE is two months old, it alone isn't a reason to rush an upload within hours specifically today.
I am just trying to highlight here that while it is good that we have heroes who do a bunch of solo work for Debian, doing things a bit slower and inclusively will help build teams and grow collaborators who will actually maintain and improve the packages in the long-term.