Hello!

On 2026-06-24 23:14, Daniel Leidert wrote:
> Hi,
> 
> Am Freitag, dem 19.06.2026 um 10:08 -0300 schrieb Emmanuel Arias:
> > 
> > Could you please review gdcm[0] to fix several CVEs.
> > 
> [..]
> >
> > [0]
> > https://salsa.debian.org/med-team/gdcm/-/tree/debian/bullseye?ref_type=heads
> 
> I checked the work. The patches look good to me. I trust the test cases
> are executed? (I haven't built the package)

yes the package bulild correctly.
> 
> A few things I noticed:
> 
> None of the patch links are listed in the security tracker. Please add
> them; also for the patches added by Etienne.

Will add them
> 
> The date in the finalized changelog entry says "20 Dec 2025". Please
> update the timestamp.

Okey.

> 
> - multiple CVEs have not been adressed in Sid yet; IMHO you or the
> maintainers should upload a fixed version to Sid and then also address
> Trixie and Bookworm. Otherwise, this is a bit odd to have these issues
> fixed only in Bullseye.
Should I wait until the fixes are in Sid and the rest? or I can release
for bullseye meanwhile?
> 
> Regards, Daniel



-- 
cheers,
        Emmanuel Arias

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  [email protected]
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: 13796755BBC72BB8ABE2AEB5 FA9DEC5DE11C63F1
 ⠈⠳⣄

Attachment: signature.asc
Description: PGP signature

Reply via email to