Hello! On 2026-06-24 23:14, Daniel Leidert wrote: > Hi, > > Am Freitag, dem 19.06.2026 um 10:08 -0300 schrieb Emmanuel Arias: > > > > Could you please review gdcm[0] to fix several CVEs. > > > [..] > > > > [0] > > https://salsa.debian.org/med-team/gdcm/-/tree/debian/bullseye?ref_type=heads > > I checked the work. The patches look good to me. I trust the test cases > are executed? (I haven't built the package)
yes the package bulild correctly.
>
> A few things I noticed:
>
> None of the patch links are listed in the security tracker. Please add
> them; also for the patches added by Etienne.
Will add them
>
> The date in the finalized changelog entry says "20 Dec 2025". Please
> update the timestamp.
Okey.
>
> - multiple CVEs have not been adressed in Sid yet; IMHO you or the
> maintainers should upload a fixed version to Sid and then also address
> Trixie and Bookworm. Otherwise, this is a bit odd to have these issues
> fixed only in Bullseye.
Should I wait until the fixes are in Sid and the rest? or I can release
for bullseye meanwhile?
>
> Regards, Daniel
--
cheers,
Emmanuel Arias
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ [email protected]
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: 13796755BBC72BB8ABE2AEB5 FA9DEC5DE11C63F1
⠈⠳⣄
signature.asc
Description: PGP signature
