|
That's a half-truth. Ideally they would, but they don't. vlc 2.2.1 (CVE-2015-5949) php 5.6.18 (CVE-2016-3142, CVE-2016-3141) firefox 44.0.2 (CVE-2016-1969, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802, CVE-2016-1979, CVE-2016-1950, CVE-2016-1974, CVE-2016-1973, CVE-2016-1970, CVE-2016-1971, CVE-2016-1975, CVE-2016-1976, CVE-2016-1972, CVE-2016-1966, CVE-2016-1968, CVE-2016-1967, CVE-2016-1965, CVE-2016-1964, CVE-2016-1963, CVE-2016-1962, CVE-2016-1961, CVE-2016-1960, CVE-2016-1959, CVE-2016-1958, CVE-2016-1957, CVE-2016-1956, CVE-2016-1955, CVE-2016-1954, CVE-2016-1953, CVE-2016-1952) Obviously these are cherry-picked and are historically known for their many vulns; but they are also popular enough that one would assume that they'd get special attention. Depending on ports from -STABLE in a security sensitive environment is a bad idea imo. |