Re: debian.org/security is wrong to say what it does

2021-12-26 Thread maxwillb
December 26, 2021 1:25:30 PM CET "Andrew M.A. Cater" wrote: > but that doesn't mean that everything marked as vulnerable is still at risk. I couldn't understand what you meant, and figured you were referring to some extra hardening done by Debian. Did some googling, and apparently, it's the o

debian.org/security is wrong to say what it does

2021-12-25 Thread maxwillb
December 25, 2021 4:16:59 PM CET "Andrew M.A. Cater" wrote: > So you're raising issues that everyone knows but can't do a great deal about > given the difficulties I hate to be a broken record, but you could edit https://www.debian.org/security/ so that it does not say "We handle all securit

Re: How to see the list of CRITICALLY vulnerable packages in Debian?

2021-12-25 Thread maxwillb
December 25, 2021 4:16:59 PM CET "Andrew M.A. Cater" wrote: On Sat, Dec 25, 2021 at 03:36:12PM +0100, maxwillb wrote: > So you're raising issues that everyone knows but can't do a great deal about Then what did you mean by "It's not as if people are massively d

Re: How to see the list of CRITICALLY vulnerable packages in Debian?

2021-12-25 Thread maxwillb
December 25, 2021 5:41:40 PM CET to...@tuxteam.de wrote: On Sat, Dec 25, 2021 at 05:32:58PM +0100, maxwillb wrote: > Different folks have different criteria for different reasons, so > whether I know a better (according to my criteria?) source is totally > irrelevant here. There are

Re: How to see the list of CRITICALLY vulnerable packages in Debian?

2021-12-25 Thread maxwillb
December 25, 2021 5:11:20 PM CET to...@tuxteam.de wrote: On Sat, Dec 25, 2021 at 04:56:31PM +0100, maxwillb wrote: > some NVD database... Do you know a better source that provides CVE impact metrics? https://www.cvedetails.com/cve/CVE-2021-37973/ has this one too, but they list the outda

Re: How to see the list of CRITICALLY vulnerable packages in Debian?

2021-12-25 Thread maxwillb
December 25, 2021 1:27:03 PM CET Dan Ritter wrote: maxwillb wrote: > Debian doesn't ship Google Chrome. Chromium is a subset of Chrome. This vulnerability is in that subset. HTH Merry Christmas! -- Sent with https://mailfence.com Secure and private email

Re: How to see the list of CRITICALLY vulnerable packages in Debian?

2021-12-25 Thread maxwillb
December 25, 2021 4:04:03 PM CET Andy Smith wrote: On Sat, Dec 25, 2021 at 12:07:26AM +0100, maxwillb wrote: > Dear max, I am the ghost of Christmas Open Source and I encourage you to ask > for a full refund from Debian and all other volunteer projects that you are > unsatisfied

Re: How to see the list of CRITICALLY vulnerable packages in Debian?

2021-12-25 Thread maxwillb
December 25, 2021 1:51:39 PM CET "Andrew M.A. Cater" wrote: On Sat, Dec 25, 2021 at 12:07:26AM +0100, maxwillb wrote: > It's not as if people are massively dropping the ball here, in spite of your > apprehension. I'm sure Debian is doing its best. It's ju

How to see the list of CRITICALLY vulnerable packages in Debian?

2021-12-24 Thread maxwillb
https://security-tracker.debian.org/tracker/status/release/stable shows the list of packages currently considered vulnerable, but it does not show the severity. For example, https://nvd.nist.gov/vuln/detail/CVE-2021-37973 has a CRITICAL severity but the Debian security tracker simply says "not