I am a maintainer of the upstream of editorconfig. I added CVE-2024-53849 to the CVE database today. This is related to the editorconfig package in Debian.
Additionally, the security fix was available about 9 months ago, in case this information matters (only realized it wasn't in CVE today, my bad). Hong
