CVE-2022-23943 is resolved in apache2_2.4.53, but buster-backports currently only has 2.4.52-1~bpo10+1. Is there a plan to backport .53 to buster? I notice that it was submitted on March 19, but then rejected several days later. apache2_2.4.53-2~bpo10+1_sourceonly.changes ACCEPTED into buster-backports->backports-policy (debian.org)<https://lists.debian.org/debian-apache/2022/03/msg00016.html> apache2_2.4.53-2~bpo10+1_sourceonly.changes REJECTED (debian.org)<https://lists.debian.org/debian-apache/2022/03/msg00019.html>
Has this effort been abandoned, or only delayed? Regards, David Eoll
