Tim Rühsen writes:
> Hi John,
>
> On 15.01.20 17:22, John McCabe wrote:
>> Hi,
>> I notice that a patch for CVE-2017-14062 was made available for jessie
>> (security), bullseye, sid and buster but not stretch.
>>
>> Could I possibly ask why stretch didn't get a fix (I assume there's a
>> policy that I'm not aware of so apologies in advance for a dumb question.).
>
> That is a decision made by Debian and we are not Debian or part of it.
>
> Maybe someone reading this ML can answer your question. But still the
> best place for such a question would IMO be https://bugs.debian.org
> (package libidn11) or one of Debian's mailing lists (can say which is
> the best).
It appears that older releases also got updates here:
https://tracker.debian.org/pkg/libidn
Since I also (poorly) maintain the libidn debian package, this mailing
list actually is the most relevant place to discuss
Debian-libidn-related issues. On the other hand, updates for older
Debian releases are typically handled by other teams, which appear to
have made an upload here.
/Simon
signature.asc
Description: PGP signature