In one occasion, Debian introduced a vulnerability, possibly accidentally, it was discovered and fixed. There have been vulnerabilities which have remained undiscovered for years like CVE-2014-6271 (use a search engine for more information).
But no distribution audits all of the software it bundles (and even if they
did, it is likely that several vulnerabilities go undetected); in specific,
Ubuntu and Debian don't. For discovering vulnerabilities distributions mostly
rely on public discoveries. Debian mentions the name of the discoverer of
vulnerabilities in announces in the read only mailing list
“debian-security-annou...@lists.debian.org”.
- Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? W... cjpaperbond
- Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? W... davesamcdxv
- Re: [Trisquel-users] Security Enhanced Linux Kernel? ... cjpaperbond
- Re: [Trisquel-users] Security Enhanced Linux Kern... davesamcdxv
- Re: [Trisquel-users] Security Enhanced Linux Kern... moxalt
- Re: [Trisquel-users] Security Enhanced Linux ... cjpaperbond
- Re: [Trisquel-users] Security Enhanced Li... davesamcdxv
- Re: [Trisquel-users] Security Enhanc... cjpaperbond
- Re: [Trisquel-users] Security Enhanc... marioxcc . MT
- Re: [Trisquel-users] Security Enhanced Li... moxalt
- Re: [Trisquel-users] Security Enhanc... cjpaperbond
- Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? W... danigaritarojas
- Re: [Trisquel-users] Security Enhanced Linux Kernel? ... cjpaperbond
- Re: [Trisquel-users] Security Enhanced Linux Kern... danigaritarojas
- Re: [Trisquel-users] Security Enhanced Linux Kernel? Eh? W... davesamcdxv