On Mon, 2016-09-05 at 22:32 +0100, Adam D. Barratt wrote: > Control: tags -1 + pending > > On Sun, 2016-09-04 at 18:13 +0100, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Sun, 2016-09-04 at 13:14 +0200, Gert Wollny wrote: > > > The version of gdcm in jessie suffers from two security problems: > > > > > > CVE-2015-8396 [1] > > > CVE-2015-8397 [2] > > > > > > However, the security team notified my that the issue does not warrant a > > > DSA > > > and I should instead just fix it via a jessie point release. > > > > > > The proposed patch against the package is enclosed, it adds the according > > > fixes > > > from the upstream repository. > > > > +gdcm (2.4.4-3+deb8u1) jessie-proposed-updates; urgency=medium > > > > Simply "jessie" is preferred. > > > > Please go ahead. > > Uploaded and flagged for acceptance.
Unfortunately it FTBFS on ppc64el; see https://buildd.debian.org/status/fetch.php?pkg=gdcm&arch=ppc64el&ver=2.4.4-3%2Bdeb8u1&stamp=1473373168 Regards, Adam
