[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question about patch for CVE-2017-14062 on stretch

From: Simon Josefsson
Subject: Re: Question about patch for CVE-2017-14062 on stretch
Date: Sun, 17 May 2020 12:33:18 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Tim Rühsen <address@hidden> writes:

> Hi John,
> On 15.01.20 17:22, John McCabe wrote:
>> Hi, 
>> I notice that a patch for CVE-2017-14062 was made available for jessie
>> (security), bullseye, sid and buster but not stretch.
>> Could I possibly ask why stretch didn't get a fix (I assume there's a
>> policy that I'm not aware of so apologies in advance for a dumb question.).
> That is a decision made by Debian and we are not Debian or part of it.
> Maybe someone reading this ML can answer your question. But still the
> best place for such a question would IMO be
> (package libidn11) or one of Debian's mailing lists (can say which is
> the best).

It appears that older releases also got updates here:

Since I also (poorly) maintain the libidn debian package, this mailing
list actually is the most relevant place to discuss
Debian-libidn-related issues.  On the other hand, updates for older
Debian releases are typically handled by other teams, which appear to
have made an upload here.


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]