The working assumption behind within a reasonable time is that the security team either has or finds a good fix for the vulnerabilities exposed. Microsoft which has way better funding than Debian has let vulnerabilities continue for months in some cases. On Sat, 22 Aug 2020, Linux for blind general discussion wrote: > Date: Fri, 21 Aug 2020 17:10:21 > From: Linux for blind general discussion <blinux-list@xxxxxxxxxx> > To: Linux for blind general discussion <blinux-list@xxxxxxxxxx> > Subject: Re: Accessible Distros for a beginner? > > On Fri, 21 Aug 2020, Linux for blind general discussion wrote: > > > Being way behind in lots of packages means security exposures galore. > > Exim was hacked by the Russians already and ssh servers world-wide have > > malware attacking them now too. > > This is why you subscribe to Debian security updates, which should be > configured by default. > > >From their security page: > > Debian takes security very seriously. We handle all security problems > brought to our > attention and ensure that they are corrected within a reasonable timeframe. > Many advisories > are coordinated with other free software vendors and are published the same > day a > vulnerability is made public and we also have a Security Audit team that > reviews the > archive looking for new or unfixed security bugs. > > Security fixes are provided for a year after the next stable version of Debian > is released. In practice, this tends to mean that a Debian release will get > regular security fixes for three years. > > Following this, LTS security updates for certain architectures will be > provided for an additional two years or so. > > You can get Debian security notices via email if you wish. > > For more information, see https://security.debian.org and > https://wiki.debian.org/LTS > > Both Exim and SSh have had several security fixes applied since Debian Buster > was released. > > If you are concerned about a specific vulnerability, you can use its CVE > number and the resources at security.debian.org to see if these have been > fixed in Debian. > > For Debian installations, you can also see which security updates have been > applied by reading /usr/share/doc/<packagename>/changelog.debian.gz > > HTH, > Geoff. > > _______________________________________________ > Blinux-list mailing list > Blinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/blinux-list > > -- _______________________________________________ Blinux-list mailing list Blinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/blinux-list