Hi John, On 15.01.20 17:22, John McCabe wrote: > Hi, > I notice that a patch for CVE-2017-14062 was made available for jessie > (security), bullseye, sid and buster but not stretch. > > Could I possibly ask why stretch didn't get a fix (I assume there's a > policy that I'm not aware of so apologies in advance for a dumb question.).
That is a decision made by Debian and we are not Debian or part of it. Maybe someone reading this ML can answer your question. But still the best place for such a question would IMO be https://bugs.debian.org (package libidn11) or one of Debian's mailing lists (can say which is the best). Regards, Tim
Description: OpenPGP digital signature