Hi Étienne, Am Dienstag, dem 10.02.2026 um 23:27 +0100 schrieb Étienne Mollier: > Hi Markus, > > > I have prepared security updates for bookworm and trixie and could also fix > > unstable via targeted patches. I would rather not package a new upstream > > release though. I believe the release team would be in favor of addressing > > these issues in unstable and testing first before I am going to fix > > bookworm > > and trixie. What do you think? > > I rediscovered work in progress staging in a directory on my > machine to proceed to a dcmtk upstream upgrade in unstable. > I've never finished, probably due to running into other duties > AFK. I'm not sure how much work is left to have the package > into an uploadable state. I'm okay with rebasing my work on top > of your NMU/Team upload with targeted changes, so that getting > the newer upstream release does not go in the way of shipping > the necessary security patches.
If you have already started to work on a new upstream release, then I suggest to continue this path because I assume users prefer that anyway in unstable or testing. Version 3.7.0 includes the fixes for these two CVE. If you won't have the time to upload a new upstream version in February then I can prepare a NMU with two targeted patches based on the current version in unstable. We don't need to rebase your work though because, like I said, the new upstream version will fix the problem anyway. > > Thanks for your help with fixing the security issues of dcmtk in > stable release! > > Have a nice day, :) Cheers, Markus
signature.asc
Description: This is a digitally signed message part
