Why is sid (that has 8.17.1.9-1) still listed as affected by ALPACA? https://security-tracker.debian.org/tracker/CVE-2021-3618 This thread says this is has already been fixed with 8.16.1.