Hi Hugo, Maybe I'm missing something but but please double check. Can it be that the stretch-pu upload contains the fix https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 for TALOS-2019-0842 but the buster-pu one missed it? (Note this has a new CVE assigned CVE-2019-5058, the change afaics is included in your stretch-pu debdiff, is this right? but not in the buster-pu one?)
Would be great if you can re-check if the above is correct. Regards, Salvatore
