https://security-tracker.debian.org/tracker/CVE-2024-47176, archive
As of 10/1/24 3:52 UTC time, Trixie/Debian testing does not have a fix for the severe cupsd security vulnerability that was recently announced, despite Debian Stable and Unstable having a fix.
Debian Testing is intended for testing, and not really for production usage.
https://tracker.debian.org/pkg/cups-filters, archive
So the way Debian Unstable/Testing works is that packages go into unstable/ for a bit, and then are migrated into testing/trixie.
Issues preventing migration: Too young, only 3 of 5 days old
Basically, security vulnerabilities are not really a priority in testing, and everything waits for a bit before it updates.
I recently saw some people recommending Trixie for a “debian but not as unstable as sid and newer packages than stable”, which is a pretty bad idea. Trixie/testing is not really intended for production use.
If you want newer, but still stable packages from the same repositories, then I recommend (not an exhaustive list, of course):
- openSUSE Leap (Tumbleweed works too but secure boot was borked when I used it)
- Fedora
If you are willing to mix and match sources for packages:
- Flatpaks
- distrobox — run other distros in docker/podman containers and use apps through those
- Nix
Can get you newer packages on a more stable distro safely.
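The gap described in the post (fixed in stable and unstable, still open in testing) can be checked mechanically. This is an added example and not part of the original post: it assumes data shaped like the Debian security tracker's JSON export, and the embedded sample is constructed, with placeholder version strings.

```python
import json

# Constructed excerpt shaped like the Debian security tracker's JSON export
# (https://security-tracker.debian.org/tracker/data/json). Statuses mirror the
# situation described in the post; version strings are placeholders.
SAMPLE = json.loads("""
{
  "cups-filters": {
    "CVE-2024-47176": {
      "releases": {
        "bookworm": {"status": "resolved", "fixed_version": "FIXED-IN-STABLE"},
        "trixie":   {"status": "open"},
        "sid":      {"status": "resolved", "fixed_version": "FIXED-IN-UNSTABLE"}
      }
    }
  }
}
""")


def release_status(tracker, package, cve):
    """Map each release to (status, fixed_version or None) for one CVE."""
    releases = tracker.get(package, {}).get(cve, {}).get("releases", {})
    return {
        name: (info.get("status", "undetermined"), info.get("fixed_version"))
        for name, info in releases.items()
    }


def lagging_releases(tracker, package, cve):
    """Releases not yet resolved although at least one other release has a fix."""
    status = release_status(tracker, package, cve)
    if not any(state == "resolved" for state, _ in status.values()):
        return []  # no fix anywhere yet, so nothing is "lagging"
    return sorted(name for name, (state, _) in status.items() if state != "resolved")


def report(tracker, package, cve):
    """Human-readable summary, one line per release."""
    rows = sorted(release_status(tracker, package, cve).items())
    return "\n".join(f"{name}: {state} ({fixed or 'no fixed version'})"
                     for name, (state, fixed) in rows)


if __name__ == "__main__":
    print(report(SAMPLE, "cups-filters", "CVE-2024-47176"))
    print("lagging:", lagging_releases(SAMPLE, "cups-filters", "CVE-2024-47176"))
```

To run it against live data, replace `SAMPLE` with the parsed contents of the tracker's JSON export.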
crazy how testing is not for production. next thing you’re telling me unstable isn’t stable smh /s
I mean you’d still expect that critical security fixes would land in testing, no?
Why bother? Backporting security updates or updating packages is work and in case of debian often unpaid. Trixie is for testing new packages and configurations, does not make a ton of sense to keep everything up to date.
it would be nice, but i only expect them to arrive with the regular package updates, i.e. when a new version of cups with the fix in it is released, not an extra quicker fix from the distro maintainer.
How are fedora or SUSE valid alternatives “from the same repos”? They’re not even based on Debian or Debian repos?
Maybe they use OpenSUSE’s https://openbuildservice.org/. It can handle multiple distributions. It’s like the AUR without touting it to be the second coming of Christ.
Sorry. I meant if you wanted to use only packages from one set of repositories/one distro, for if you were looking for lower level packages like the kernel or desktop environment to be updated.
PSA for Debian Testing users: read the wiki
https://wiki.debian.org/DebianTesting
Control-F “security” returns 18 results. This is well known and there’s even instructions on how to get faster updates in testing if you want.
Stick to stable for production. Patches for vulnerabilities will go to stable asap. That’s where you want them, not testing or unstable.
I would sooner use Windows before using Fedora. Fortunately, Linux Mint or Ubuntu exist instead.
I would sooner use Windows before using Fedora
Why?
https://lemmy.world/comment/12653110 too lazy to copy pasta the whole thing