Hello, I tried to have a closer look at CVE-2024-28130 in dcmtk in bookworm and noted there were ports of fixes to Debian bullseye LTS earlier that year. Either by picking upstream commits or by fetching LTS patches, changes were sufficiently involved that I didn't feel confident to make the necessary adjustments myself. I have otherwise pushed a few changes on Salsa to address the CVE-2024-34508 and CVE-2024-34509; in addition to the fix, it was necessary to make a small adjustment to address a regression in a test item, for which I pulled another upstream change.
I believe these changes in dcmtk are good enough to contact the stable release manager for an upload in the upcoming point release and will proceed. Have a nice day, :) -- .''`. Étienne Mollier <emoll...@debian.org> : :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da `. `' sent from /dev/pts/3, please excuse my verbosity `- on air: The Flower Kings - Garden of Dreams
signature.asc
Description: PGP signature
