Question about Security report

Environment:

  • Hardware: LIME2 Pioneer edition
  • Software: Buster stable v. 19.15

I have a question about the recent modifications to the Security page. This may lead to an issue on Gitlab, but I want to make sure I understand the thought process to the modifications before I open an issue.

I believe that there is a discrepancy between two things on the security page:

1. The text in the “Status” menu reports that there there are "0 reported security vulnerabilities"

secpage1

2. The text in the table shows that there there are a few non-zero values for security vulnerabilities
secpage2

If a user clicks on the “show security vulnerabilities” button, they will see a small number of vulnerabilities and probably get confused about the statement at the top of the page.

Why does the top report 0 vulnerabilities if there are indeed a few vulnerabilities? Is it because the top is actually reporting critical vulnerabilities while the table reports all vulnerabilities? Or is it because the top only reports vulnerabilities for the FreedomBox interface while the table reports vulnerabilities for the apps? Either way, I believe that the current phrasing is a little confusing, and we could fix this issue by simply rephrasing a couple sentences.