Hi Salvatore,

Salvatore Bonaccorso, on 2025-02-09:
> Regarding CVE-2024-28130, should we ignore it for fixing in bookworm
> if it is too risky for regressions?

With the first batch of CVEs addressed in proposed-updates, I
could take a fresher look at the patch set. I thought I would
hit a brick wall, but instead I seem to have an implementation:

  * which includes the necessary upstream changes;
  * which does not cause regressions in autopkgtest of reverse
    dependencies;
  * which does not cause build failure of reverse build
    dependencies;
  * which does not regress like what could be observed in the
    bug #1095072.

I can't really recall why I didn't manage to get anywhere
earlier; perhaps I messed up the order of the patches. My changes
are available on Salsa[1] for those who are curious. There are
a lot of changes introduced by the patches, so it could be still
deemed risky, but I now think I might be able to justify them to
the Stable Release Managers.

[1]: https://salsa.debian.org/med-team/dcmtk/-/tree/debian/bookworm?ref_type=heads

Have a good evening, :)
--
  .''`.  Étienne Mollier <emoll...@debian.org>
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/3, please excuse my verbosity
   `-    on air: The Tangent - A Sale Of Two Souls