Dear Mentors,
I hope this email finds you well.
I'm writing to seek your guidance on backporting a fix for CVE-2021-45463 to the Bullseye release. I've successfully developed a fixed version of gegl for Bullseye, but I'm facing a roadblock due to the age of the Bullseye release.
According to the LTS team's FAQ, backporting for a given release is typically closed after three years. As Bullseye's initial stable release occurred over three years ago, I am concerned that backporting the fix may not be possible.
I would be grateful if you could confirm my understanding of the backporting policy in this specific case.
Thank you for your time and consideration.
Sincerely,
Fukui