Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Security of "non updated" programs

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
fch
Posts: 212
Joined: 2021-09-06 15:44
Has thanked: 21 times
Been thanked: 5 times

Security of "non updated" programs

#1 Post by fch »

I would like to know more how the security works on Debian, for example if a user uses a program like gajim or dino for xmpp and it's an older version than the latest release, the debian security team analyses new features and implement what is needed if needed for better security? Or it's up to user to update program the user wants to have the latest security patches?

User avatar
Hallvor
Global Moderator
Global Moderator
Posts: 2020
Joined: 2009-04-16 18:35
Location: Kristiansand, Norway
Has thanked: 138 times
Been thanked: 204 times

Re: Security of "non updated" programs

#2 Post by Hallvor »

Info on Debian security: https://www.debian.org/security/#DSAS

An older version than the current does not necessarily mean vulnerable. There would of course have to be a vulnerability in the older version, and secondly, it would have to be ignored by the Debian security team.

Debian stable has a lot of packages that aren't the latest versions, but this doesn't mean that it's insecure. On the contrary, it is probably one of the safest because of a very serious security team.

The user must apt update and apt upgrade to get the latest security fixes.

As for Gajim and the others, you can get more info here: https://tracker.debian.org/pkg/gajim
[HowTo] Install and configure Debian bookworm
Debian 12 | KDE Plasma | ThinkPad T440s | 4 × Intel® Core™ i7-4600U CPU @ 2.10GHz | 12 GiB RAM | Mesa Intel® HD Graphics 4400 | 1 TB SSD

Post Reply