package release.debian.org tags 958969 = buster pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian buster. Thanks for your contribution! Upload details ============== Package: gosa Version: 2.7.4+reloaded3-8+deb10u2 Explanation: replace (un)serialize with json_encode/json_decode to mitigate PHP object injection [CVE-2019-14466]