I've been using MariaDB, "an enhanced, drop-in replacement for MySQL" on my Debian stable servers for years, because of its increased performance.
However I've noticed that it appears to lag with relation to security updates in MySQL; for instance, there's DSA 3229-1 which lists several vulnerabilities, which do not appear to be patched in the Debian stable mariadb
package.
Is this a security versus speed tradeoff? Is MariaDB generally behind on security updates or is this just a one-off?