On Sun, Dec 26, 2021 at 01:19:53AM +0100, maxwillb wrote:
> December 25, 2021 4:16:59 PM CET "Andrew M.A. Cater" <amaca...@einval.com>
> wrote:
>
> > So you're raising issues that everyone knows but can't do a great deal
> > about given the difficulties
>
> I hate to be a broken record, but you could edit
> https://www.debian.org/security/ so that it
> does not say "We handle all security problems brought to our attention and
> ensure that they
> are corrected within a reasonable timeframe. " and add a link to
> https://security-tracker.debian.org/tracker/status/release/stable instead.
>
> Even though it does not allow you to filter vulnerabilities by severity, it
> is better than nothing.
>
> Merry Christmas!
>
Hi,

I hate to be a broken record but - the best information you have is from the security bug tracker and, as it says, this is based on source packages, not necessarily binaries built from that.

It's also explicitly noted as being based from unstable - if fixes go in there, they are recorded and prior releases are marked as vulnerable - fixes and backports happen - but that doesn't mean that everything marked as vulnerable is still at risk.

It's also true to say that some people still run oldstable and would be interested in vulnerabilities there for example.

[There's a reason I keep on about keeping yourself up to date / running the latest stable release in this list: I (and others) also point out the experience that is needed if you want to run testing / unstable and the relative level of security support.]

If you're unhappy with data presentation, feel free to contact the security team.

Andy Cater

> --
> Sent with https://mailfence.com
> Secure and private email
>