te3...@sigaint.org <te3...@sigaint.org> schrieb: > I read somewhere on a forum that for security vulnerabilities that have > "NVD security" ratings of medium or low risk, Debian's security team may > not issue patches/fixes for them. Only high-risk security vulnerabilities > will be fixed. Is that correct?
No, the NVD ratings are entirely meaningless to us. In addition to security issues fixed in DSAs, there are also minor security fixes provided via the jessie point updates. Cheers, Moritz