Hi,

Am Freitag, dem 19.06.2026 um 10:08 -0300 schrieb Emmanuel Arias:
> 
> Could you please review gdcm[0] to fix several CVEs.
> 
[..]
>
> [0]
> https://salsa.debian.org/med-team/gdcm/-/tree/debian/bullseye?ref_type=heads

I checked the work. The patches look good to me. I trust the test cases
are executed? (I haven't built the package)

A few things I noticed:

None of the patch links are listed in the security tracker. Please add
them; also for the patches added by Etienne.

The date in the finalized changelog entry says "20 Dec 2025". Please
update the timestamp.

- multiple CVEs have not been adressed in Sid yet; IMHO you or the
maintainers should upload a fixed version to Sid and then also address
Trixie and Bookworm. Otherwise, this is a bit odd to have these issues
fixed only in Bullseye.

Regards, Daniel

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to