Debian Has Slow Security Updates?
Source: DebianPlanet.org
Some comments on the Linux Today story about the recent glibc security update challenged my perception that Debian is very responsive to security problems in core packages. Basically, they say that this vulnerability was reported on December 14th. Has it really taken one month to deliver a core glibc update?
This brings up a larger issue regarding security for me. I regularly run Nessus against our Deb boxes and see reports about vulnerabilities in OpenSSH and other packages. I was always under the assumption that the bug fixes were back ported to the stable version used in Potato and that Nessus was detecting the version of the package, not the existance of a real vulnerability. If I was wrong about Deb having the fastest security updates out of the shoot, maybe I am wrong about other assumptions. Can anyone give me a definitive answer?