Hello, I was just trying to install docker.io on Buster stable when apt-listbugs complained about one of the open CVEs listed here:
https://security-tracker.debian.org/tracker/source-package/runc Given that these are all fixed in Bullseye (and at least the grave apt-listbugs issue has been fixed in eg Ubuntu since March 2020 [1]) why not also Buster? apt-listbugs said: ... CVE-2019-16884 (Fixed: runc/1.0.0~rc9+dfsg1-1) ... According to https://tracker.debian.org/pkg/runc there are 3 open security issues in (Stretch and) Buster (though I imagine Debian's support for Stretch has ended with EOL in 2020?) - do fixes like this come in batches? Thanks, Gareth [1] https://ubuntu.com/security/notices/USN-4297-1
