When a new release is made, it takes as its base some Debian release at that time, with a bunch of aligned upstream packages chosen, and all libraries are put together. What happens is that we freeze those versions to keep doing updates, such as security ones. Upstream packages don't freeze their libraries or dependencies; they change very quickly (for some packages, of course), so as an upstream package 'evolves' to a new version it may have new libraries or dependencies, which can break a frozen release. For example, a libc dependency can break everything if it introduces new symbols from an old version to a new one.
In that scenario this package is in universe, so the best we can do is security updates in some exceptional cases, such as if it's a customer request. As you can see, it also has a bit of business here.

--
https://bugs.launchpad.net/bugs/1776600
Title: version 3.3.1 has a security hole CVE-2017-11610