Am Tue, Feb 02, 2021 at 07:15:37PM +0100 schrieb Roland Rosenfeld: > Package: release.debian.org > Severity: normal > Tags: buster > User: release.debian....@packages.debian.org > Usertags: pu > > This fixes CVE-2021-20216 and CVE-2021-20217. > Since both are tagged "<no-dsa> (Minor issue)" in security tracker, I > tend to send this into the next point release of buster.
Hi Roland, yesterday upstream assigned a few additional CVE IDs (also no-dsa): https://www.openwall.com/lists/oss-security/2021/02/03/3, maybe you also want to fold these in? Cheers, Moritz
