Amar Adadande wrote: > As part of our organization's security measures, we regularly conduct > security scans using the National Vulnerability Database (NVD). We have > noticed that the NVD database used by Debian may not be up to date with the > latest vulnerabilities.
You seem to be mistaken. We don't use the NVD database for anything and triage vulnerabilities ourselves. If any external provider (like apparently the security feed you seem to be using) uses incorrect/stale data which differs from what we publish via the Debian Security Tracker you should report this disprepancy to them, not us. If you believe to have found incorrect, please see here: https://security-tracker.debian.org/tracker/data/report Cheers, Moritz