Hi,

On 07/12/2024 04:10, Roberto C. Sánchez wrote:
> The Security Team has supplied a list of packages/CVEs which were fixed by DLA (some in bullseye and some in buster) but which remain unfixed in bookworm (and which are tagged no-dsa, indicating that the Security Team has no immediate plans to address them).

What is the general feeling/context over this situation?

- Does LTS fix too many mid/low CVEs, hence should prevent this situation e.g. by avoiding fixing ahead of Stable?
- Or, does LTS fix CVEs appropriately, hence is encouraged to fix more CVEs, but always in all dists?

Cheers!
Sylvain