Hi, I'm not sure how this got missed but the DST is missing Squeeze LTS packages! For example according to the DST Squeeze is still vulnerable to the latest OpenSSL bug, but it's actually been patched. Package : openssl CVE ID : CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-5139 https://security-tracker.debian.org/tracker/source-package/openssl