[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Question about patch for CVE-2017-14062 on stretch
From: |
Simon Josefsson |
Subject: |
Re: Question about patch for CVE-2017-14062 on stretch |
Date: |
Sun, 17 May 2020 12:33:18 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Tim Rühsen <address@hidden> writes:
> Hi John,
>
> On 15.01.20 17:22, John McCabe wrote:
>> Hi,
>> I notice that a patch for CVE-2017-14062 was made available for jessie
>> (security), bullseye, sid and buster but not stretch.
>>
>> Could I possibly ask why stretch didn't get a fix (I assume there's a
>> policy that I'm not aware of so apologies in advance for a dumb question.).
>
> That is a decision made by Debian and we are not Debian or part of it.
>
> Maybe someone reading this ML can answer your question. But still the
> best place for such a question would IMO be https://bugs.debian.org
> (package libidn11) or one of Debian's mailing lists (can say which is
> the best).
It appears that older releases also got updates here:
https://tracker.debian.org/pkg/libidn
Since I also (poorly) maintain the libidn debian package, this mailing
list actually is the most relevant place to discuss
Debian-libidn-related issues. On the other hand, updates for older
Debian releases are typically handled by other teams, which appear to
have made an upload here.
/Simon
signature.asc
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: Question about patch for CVE-2017-14062 on stretch,
Simon Josefsson <=