But no distribution audits all of the software it bundles (and even if it did, it is likely that several vulnerabilities would go undetected); specifically, Ubuntu and Debian don't. For discovering vulnerabilities, distributions mostly rely on public discoveries. Debian mentions the name of the discoverer of vulnerabilities in announcements on the read-only mailing list “debian-security-annou...@lists.debian.org”.

On one occasion, Debian introduced a vulnerability, possibly accidentally; it was discovered and fixed. There have been vulnerabilities which have remained undiscovered for years, like CVE-2014-6271 (use a search engine for more information).
