Since Tails is based on Debian, it takes advantage of all the work done by the Debian security team. As quoted from

Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe. Many advisories are coordinated with other free software vendors and are published the same day a vulnerability is made public and we also have a Security Audit team that reviews the archive looking for new or unfixed security bugs.

Experience has shown that "security through obscurity" does not work. Public disclosure allows for more rapid and better solutions to security problems. In that vein, this page addresses Debian's status with respect to various known security holes, which could potentially affect Debian.

Current holes

Probable holes

Until an audit of the bundled network applications is done, information leakages at the protocol level should be considered as − at the very least − possible.

Fixed holes

WARNING: some of these holes may only be fixed in Git. Please carefully read the "Affected versions" sections below.

Security hole in I2P 0.9.13
Posted 2014-07-24


Audits of Tails that we are aware of are collected in audits.