this post was submitted on 25 Feb 2026
9 points (90.9% liked)
Debian
1204 readers
32 users here now
❤️ Debian
Rules
- Keep it about Debian.
- Be respectful.
- Engage in constructive discussions.
- Please, no harassment, hate speech, or trolling.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Debian repo of docker is a couple versions behind.
The current official release is 29.2.1
While the Debian repo is 26.1.5
There are security issues that have been patched since 26.1.5 was released in 2024.
3 of them allows for container escape which you don't want.
Please don't use the versions to analyze if debian's docker has security issues.
Debian has a model of taking a version of a package, and then only doing security updates to it, no feature updates or even noncritical bugfixes, to ensure maximum compatibility. Like most stable release distros, they use their own versioning scheme, usually appending extra numbers. The actual version of docker in use is 26.1.5+dfsg1-9 - the stuff after the dash indicating extra updates. https://packages.debian.org/stable/docker.io
If you visit the debian security tracker, you will see that docker.io is not included in the list of currently vulnerable packages: https://security-tracker.debian.org/tracker/status/release/stable
Thanks. I thought Debian was supposed to include security updates.
They do. The person you are replying to is wrong.
They do backport some but can't for every package.