Bug#836592: jessie-pu: package gdcm/2.4.4-3
On Mon, 2016-09-05 at 22:32 +0100, Adam D. Barratt wrote:
> Control: tags -1 + pending
>
> On Sun, 2016-09-04 at 18:13 +0100, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> >
> > On Sun, 2016-09-04 at 13:14 +0200, Gert Wollny wrote:
> > > The version of gdcm in jessie suffers from two security problems:
> > >
> > > CVE-2015-8396 [1]
> > > CVE-2015-8397 [2]
> > >
> > > However, the security team notified my that the issue does not warrant a DSA
> > > and I should instead just fix it via a jessie point release.
> > >
> > > The proposed patch against the package is enclosed, it adds the according fixes
> > > from the upstream repository.
> >
> > +gdcm (2.4.4-3+deb8u1) jessie-proposed-updates; urgency=medium
> >
> > Simply "jessie" is preferred.
> >
> > Please go ahead.
>
> Uploaded and flagged for acceptance.
Unfortunately it FTBFS on ppc64el; see
https://buildd.debian.org/status/fetch.php?pkg=gdcm&arch=ppc64el&ver=2.4.4-3%2Bdeb8u1&stamp=1473373168
Regards,
Adam
Reply to: