Control: tags -1 - moreinfo Hi Adrian,
On Fri, Nov 29, 2024 at 10:52:42PM +0200, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm moreinfo > User: release.debian....@packages.debian.org > Usertags: pu > X-Debbugs-Cc: Chris Lamb <la...@debian.org>, secur...@debian.org > > * CVE-2024-31227: DoS with malformed ACL selectors > * CVE-2024-31228: unbounded pattern matching DoS > * CVE-2024-31449: Lua bit library stack overflow > > Tagged moreinfo, as question to the security team whether they want > this in -pu or as DSA. Thanks for the question. Moritz did earlier today mark the 3 CVEs as no-dsa, and releasing the update via the next point release is sufficient. Regards, Salvatore
