I read somewhere on a forum that for security vulnerabilities that have "NVD security" ratings of medium or low risk, Debian's security team may not issue patches/fixes for them. Only high-risk security vulnerabilities will be fixed. Is that correct?
I was under the impression that all security vulnerabilities of whatever their risk ratings will be fixed. If you are a member of or know someone who is on Debian's security team, please clarify ask them to clarify it for me. Thanks.