Control: found -1 3.0.21-1
Control: found -1 3.0.8-2
Control: fixed -1 3.0.24-1

Hi Moritz,

Thanks for the tracking and the triaging of these issues!

Moritz Mühlenhoff, on 2024-05-04:
> Please adjust the affected versions in the BTS as needed.

Done with the present email; an upload of 3.0.24-1 is on the way
in unstable. I'm afraid I'm not sure how to test those
vulnerabilities, but mitigations brought by Mathieu apply with no
fuzz, or just a little, to gdcm in stable and oldstable (and
possibly oldoldstable), so I'm inclined to assume they are
affected.

Hi Mathieu, don't hesitate to chime in if you have some insights
on applying the mitigations on older versions.

I'm still running extensive tests at the moment against (build)
reverse dependencies, but there were no issues directly induced
by the newer gdcm version so far. I'm considering liaising with
Stable Release Managers to get gdcm fixed there too in upcoming
point releases, if that helps.

Have a nice day, :)
-- 
  .''`.  Étienne Mollier <emoll...@debian.org>
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/2, please excuse my verbosity
   `-    on air: Alta Forma - Apocalyptus