Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?

On Wed, Oct 12, 2016 at 10:43:41AM -, te3...@sigaint.org wrote: > > We look at the vulnerabilities and make an assessment. > > Cheers, > > Moritz > > > > 1. If I understood correctly the contents of your reply, on what basis > does the Debian security team assess the severity of each s

Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?

On Wed, Oct 12, 2016 at 10:43:41AM -, te3...@sigaint.org wrote: 1. If I understood correctly the contents of your reply, on what basis does the Debian security team assess the severity of each security vulnerability? What are those criteria? You'll find that there's a lot of criticism of CV

Re: Vulnerabilities rated medium or low risk may not be fixed by Debian security team, is that correct?

> We look at the vulnerabilities and make an assessment. > Cheers, > Moritz > 1. If I understood correctly the contents of your reply, on what basis does the Debian security team assess the severity of each security vulnerability? What are those criteria? 2. Your latest reply implies stro