Blogspam to try and sell their product. Just read the mailing list post instead and ignore this, it adds nothing. https://seclists.org/oss-sec/2025/q4/138

They don't clearly say the most important thing up-front which is "If you do not run untrusted images, then these vulnerabilities do not impact you, but you should still of course update asap"