Comment by indigodaddy
6 months ago
Maybe they're still counting back ports as CVEs? (Seems like scanning software still always false positives on a listening port that flags for a version and doesn't take into account backport and doesn't actually test for the CVE/vuln-- it's so exasperating weeding through reports thrown at you by "Security")
But yeah seems unlikely that official Debian images would be full of CVEs unless they are not being regularly updated.
No comments yet
Contribute on Hacker News ↗