On Tue, 2 Dec 2025 20:03:39 +0100 Andreas Tille <[email protected]> wrote:
Hi Alois,
Am Tue, Dec 02, 2025 at 01:45:25PM +0100 schrieb Alois Schlögl:
> release v3.9.1 addresses are number of the reported CVE but not all.
> Some MFER parsing issues are only addressed at some later commits.
> The other CVE's (related to GDF, NEX, ABF, RHS2000, BrainVision) are
> addressed by v3.9.1.
Thank you for the confirmation.
> I've planning to release 3.9.2 within the next 5 weeks, this will fix the
> other known security issues as well as a number of other bugs.
> Again, the ABI will not change. If 5 weeks is to much, I can check whether I
> can push this forward.
I personally have no pressure, just stumbled upon a bug that could / should
be fixed with the effort of a simple upgrade to latest upstream.
Just ping on the Debian Med list + this bug once you have released the
next version and whether it might fix this bug.
Kind regards
Andreas.
--
https://fam-tille.de
Hi Andreas,
these and other vulnerabilities have been addressed in the "biosig
3.9.3". API/ABI compatibilty is maintained, the changes are mostly
fixing security vulnerabilities, so this might make it eligible upgrdae
in stable-security (or at least adding to backports).
Please note, that debian/control file in salsa seems to miss some build
dependencies. This patch should fix this (see also bug 1124146)
diff --git a/release/debian/control b/release/debian/control
index 4ea71d8b..37223977 100644
--- a/release/debian/control
+++ b/release/debian/control
@@ -10,6 +10,8 @@ Build-Depends: debhelper-compat (= 13),
d-shlibs,
gawk,
python3-setuptools,
+ python3-venv,
+ python3-build,
python3-all-dev,
python3-numpy,
zlib1g-dev,
Cheers,
Alois
