There are (as of today) 9 unfixed 'medium' criticality CVEs affecting bionic (many more on xenial, but none of higher severity) according to https://people.canonical.com/~ubuntu-security/cve/pkg/phpmyadmin.html
Would it be better to remove this package from existing releases altogether, if such can be done policy-wise and technically, to prevent users growing a false sense of security?
There are (as of today) 9 unfixed 'medium' criticality CVEs affecting bionic (many more on xenial, but none of higher severity) according to https:/ /people. canonical. com/~ubuntu- security/ cve/pkg/ phpmyadmin. html
Would it be better to remove this package from existing releases altogether, if such can be done policy-wise and technically, to prevent users growing a false sense of security?