Among the 18 debian patches available in version 20.19.4+dfsg-1 of the package, we noticed the following issues:
There are 5 open security issues in buster.
commit 03e7190b12e36008928919e5f4e9c92be28a912e Author: Jérémy Lal <kapouer@melix.org> Date: Sun Aug 31 15:27:21 2025 +0200 patch: upstream fix --shared-http-parser llhttp commit 790166539021ed6e24011f5aff7944b7a1379fbb Author: Jérémy Lal <kapouer@melix.org> Date: Wed Sep 3 20:21:33 2025 +0200 Remove b-d libhttp-parser-dev commit 95d586dc17e5fdd29474f3a7a14fad2964235176 Author: Jérémy Lal <kapouer@melix.org> Date: Fri Aug 29 22:43:39 2025 +0200 B-D simdjson >= 3.13.0 commit 436ea2b6acdc2e16d86af58603fd2e7b66b53339 Author: Jérémy Lal <kapouer@melix.org> Date: Fri Aug 29 18:17:20 2025 +0200 Build with libllhttp-dev commit 617c75751cf0cf2c77729ced4a619821b7633ec6 Author: Jérémy Lal <kapouer@melix.org> Date: Fri Aug 29 16:53:10 2025 +0200 Remove deps/llhttp from copyright commit 46b0b3f15340e9f9dc8a0894198775a9cc929ecf Author: Jérémy Lal <kapouer@melix.org> Date: Fri Aug 29 16:39:10 2025 +0200 Exclude llhttp
There are 2 open security issues in bookworm.
You can find information about how to handle these issues in the security team's documentation.