Dear Mentors, I hope this email finds you well.
I'm writing to seek your guidance on backporting a fix for CVE-2021-45463 to the Bullseye release. I've successfully developed a fixed version of gegl for Bullseye, but I'm facing a roadblock due to the age of the Bullseye release. According to the LTS team's FAQ, backporting for a given release is typically closed after three years. As Bullseye's initial stable release occurred over three years ago, I am concerned that backporting the fix may not be possible. I would be grateful if you could confirm my understanding of the backporting policy in this specific case. Thank you for your time and consideration. Sincerely, Fukui
