Should be noted that the only version marked as vulnerable, "Bookworm", is the "... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		yabones on July 6, 2022 \| parent \| context \| favorite \| on: OpenSSL Security Advisory Should be noted that the only version marked as vulnerable, "Bookworm", is the "testing" version that has not been officially released yet and has no "security policy" other than best-effort. Its purpose is for testing the next stable release, not for everyday use. Vulnerabilities in the stable or even oldstable releases are fixed much faster and tested much more thoroughly.

smegsicle on July 6, 2022 [–]

still seems like they should run build testing as part of that 'best-effort' (assuming that's what is meant by the advisory's 'proper testing')

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact