Control: tags -1 - moreinfo Hi Adrian,
On Fri, Nov 29, 2024 at 10:52:42PM +0200, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm moreinfo > User: [email protected] > Usertags: pu > X-Debbugs-Cc: Chris Lamb <[email protected]>, [email protected] > > * CVE-2024-31227: DoS with malformed ACL selectors > * CVE-2024-31228: unbounded pattern matching DoS > * CVE-2024-31449: Lua bit library stack overflow > > Tagged moreinfo, as question to the security team whether they want > this in -pu or as DSA. Thanks for the question. Moritz did earlier today mark the 3 CVEs as no-dsa, and releasing the update via the next point release is sufficient. Regards, Salvatore
