Hi Salvatore, Salvatore Bonaccorso, on 2025-01-26: > On Sat, Jan 18, 2025 at 04:28:55PM +0100, Étienne Mollier wrote: > > Thanks for the reports, patches apply without much fuzz to dcmtk > > versions provided in sid, stable and oldstable. I would assume > > they are all affected by CVE-2024-47796 and CVE-2024-52333, in > > doubt. > > Aplogies for the late reply. Thanks for fixing the issues in unstable.
You don't need to apologize, thank you for having sent the status on your end. :) I must admit I feel a bit at fault myself as I pondered whether to liaise with appropriate teams to follow up on stable without having actually acted, and moved on other activities in the meantime (added to that I got caught afk as life happens). Hopefully the present week will be simpler. > For bookworm: Can you fix those and ideally as well the other no-dsa > CVEs in the upcoming point release? So that I don't miss any, if I follow correctly the security tracker[1], that means the two CVE published lately: * CVE-2024-47796 * CVE-2024-52333 plus these ones from an earlier time: * CVE-2024-27628 * CVE-2024-28130 * CVE-2024-34508 * CVE-2024-34509 [1]: https://security-tracker.debian.org/tracker/source-package/dcmtk The two first shouldn't be too difficult. I haven't looked at the four others yet. If all goes well, I should be able to work with the Stable release managers upon upcoming weekend, if not earlier. Have a nice day, :) -- .''`. Étienne Mollier <emoll...@debian.org> : :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da `. `' sent from /dev/pts/4, please excuse my verbosity `- on air: A.C.T - Wailings From a Building
signature.asc
Description: PGP signature
