Tim Rühsen <tim.rueh...@gmx.de> writes: > Hi John, > > On 15.01.20 17:22, John McCabe wrote: >> Hi, >> I notice that a patch for CVE-2017-14062 was made available for jessie >> (security), bullseye, sid and buster but not stretch. >> >> Could I possibly ask why stretch didn't get a fix (I assume there's a >> policy that I'm not aware of so apologies in advance for a dumb question.). > > That is a decision made by Debian and we are not Debian or part of it. > > Maybe someone reading this ML can answer your question. But still the > best place for such a question would IMO be https://bugs.debian.org > (package libidn11) or one of Debian's mailing lists (can say which is > the best).
It appears that older releases also got updates here: https://tracker.debian.org/pkg/libidn Since I also (poorly) maintain the libidn debian package, this mailing list actually is the most relevant place to discuss Debian-libidn-related issues. On the other hand, updates for older Debian releases are typically handled by other teams, which appear to have made an upload here. /Simon
signature.asc
Description: PGP signature
