Hello,
I'm part of the Debian LTS Team and we would like to track which shipped
versions of python-babel are affected by the vulnerability described in
your advisory TRA-2021-14.
https://fr.tenable.com/security/research/tra-2021-14
The Advisory Timeline shows that CVE-2021-20095 was assigned by your CNA
to reference this issue, but was withdrawn the next day with no public
rationale.
As far as we know, no later CVE superseded it, hence there is currently
no standard way to track this issue.
Was there a security reason for the CVE withdrawal, and is there plan to
register a new one?
Cheers!
Sylvain Beucler
Debian LTS Team
