Hello, I have taken responsibility for fixing these CVEs in libssh in buster, as part of Freexian-funded LTS work. I would like to see if I can help get them fixed in bullseye & bookworm in parallel, to avoid a situation where they're fixed in buster but not fixed in releases to which LTS users might soon upgrade their machines. I see the fixes are all in sid. Are you expecting to issue DSAs for bullseye and bookworm? I would be grateful for some information on the sec team's plans for these fixes. Thanks! -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature