Hi Emmanuel, Salvatore Bonaccorso, on 2026-02-07: > On Sat, Feb 07, 2026 at 03:08:34PM -0300, Emmanuel Arias wrote: >> Hi all, >> >> If there are no objections, I will start working on the bookworm (and >> trixie?) >> update for gdcm. There are several CVEs that are currently open, and I am >> planning to fix (in bookworm and bullseye) those already fixed in trixie and >> sid >> by Étienne Mollier: >> >> - CVE-2024-25569 >> - CVE-2024-22391 >> - CVE-2024-22373 >> >> I fixed in sid: >> >> - CVE-2025-11266 >> >> I've also contacted upstream about the more recent and open CVEs, and they >> are >> working on them, I'll keep you updated once there are news about them >> >> - CVE-2025-48429 >> - CVE-2025-52582 >> - CVE-2025-53618 >> - CVE-2025-53619 > > Thanks for the information. Those all do not warrant a DSA, so I would > suggest to check with upstream for those not yet fixed in unstable, > make sure they get fixed there, and once that is done, prepare point > release updates. > > Thanks for working on it!
Seconded, thanks for addressing those, I feel a bit bad for the various leftover open CVE issues in the Debian Med bug tracker, hope to have the appropriate cycles to tackle a few ones in not too long. At worse, the upcoming Debian Med Sprint should give a lot of time in the calendar to focus. Have a nice day, :) -- .''`. Étienne Mollier <[email protected]> : :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da `. `' sent from /dev/pts/1, please excuse my verbosity `- on air: Sibelius - Symphonie n°2:1er mvt
signature.asc
Description: PGP signature
