Hello, Regarding https://security-tracker.debian.org/tracker/CVE-2024-6387 I guess *buster* is not affected either, because it did not integrate the patchset from 2020?
I ask this even if buster LTS support stopped ... yesterday. I still have one server (upgrading today) which has a fully accessible SSH server on buster (actually it will be stopped during the upgrade, and then bullseye is marked non-vulnerable). But still, this is a big potential vulnerability, so maybe communicating on it should be a good idea. Have a nice day.