Hi Andreas,

Thanks for raising the problem.

On Wed, May 05, 2021 at 10:04:46PM +0200, Andreas Beckmann wrote:
> Followup-For: Bug #985220
>
> Hi,
>
> CVE-2020-13936 is fixed in stretch-security but not buster, making
> upgrades difficult since stretch-security has a newer version than buster.
> Please upload the fix to buster, too.
>
> velocity | 1.7-4        | jessie           | source, all
> velocity | 1.7-5        | stretch          | source, all
> velocity | 1.7-5        | buster           | source, all
> velocity | 1.7-5+deb9u1 | stretch-security | source, all
> velocity | 1.7-6        | bullseye         | source, all
> velocity | 1.7-6        | sid              | source, all

This issue itself won't warrant a DSA for buster, but ideally a fix goes
in via the next buster point release or a later one if possible.

Regards,
Salvatore