> We look at the vulnerabilities and make an assessment.
>
> Cheers,
> Moritz

1. If I understood correctly the contents of your reply, on what basis does the Debian security team assess the severity of each security vulnerability? What are those criteria?

2. Your latest reply implies strongly the possibility of the Debian security team's assessments of security vulnerabilities differing from those of the security teams of other popular Linux distros such as Gentoo, Kali, ArchLinux, Ubuntu, etc. Am I correct? As an example, ArchLinux issues a patch for a security vulnerability CVE-2016-xyz with an NVD rating of medium risk. However, the Debian security team does not issue a fix for it.

