[Debian-med-packaging] Bug#1093043: dcmtk: leftover CVE status.
Étienne Mollier
emollier at debian.org
Tue Feb 11 21:24:33 GMT 2025
Hi Salvatore,

Salvatore Bonaccorso, on 2025-02-09:
> Regarding CVE-2024-28130, should we ignore it for fixing in bookworm
> if it is too risky for regressions?

With the first batch of CVEs addressed in proposed-updates, I
could take a fresher look at the patch set. I thought I would
hit a brick wall, but instead I seem to have an implementation:

  * which includes the necessary upstream changes;
  * which does not cause regressions in autopkgtest of reverse
    dependencies;
  * which does not cause build failure of reverse build
    dependencies;
  * which does not regress like what could be observed in the
    bug #1095072.

I can't really recall why I didn't manage to get anywhere
earlier; perhaps I messed up the order of the patches. My changes
are available on Salsa[1] for those who are curious. There are
a lot of changes introduced by the patches, so it could still be
deemed risky, but I now think I might be able to justify them to
the Stable Release Managers.

[1]: https://salsa.debian.org/med-team/dcmtk/-/tree/debian/bookworm?ref_type=heads

Have a good evening, :)
--
.''`. Étienne Mollier <emollier at debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/3, please excuse my verbosity
`- on air: The Tangent - A Sale Of Two Souls