I believe this was answered in this recent thread: Akka Async DNS resolver vulnerability fix for Akka 2.6.x - #2 by jtownley
In short, none of these are rated as critical, so no backport. (I don’t work for Lightbend, so I can’t speak for them, but that was what was said for CVE-2023-31442 in the other thread and these other two don’t look different.)