Hi, A follow up questions if I may...
May I assume that when the CRITICAL CVE is identified on Berkeley DB (libdb5.3) and enough information is shared the package maintainer will fix it? I talked to maintainer and he mentioned that library is now orphaned which suggests that the fix will not be developed? Bastian Germann: "...The request was placed better at the Security Team. I have orphaned the pkg." https://packages.debian.org/bookworm/libdb5.3 Thank you, j.
