Control: tags -1 + pending On Sun, 2016-09-04 at 18:13 +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Sun, 2016-09-04 at 13:14 +0200, Gert Wollny wrote: > > The version of gdcm in jessie suffers from two security problems: > > > > CVE-2015-8396 [1] > > CVE-2015-8397 [2] > > > > However, the security team notified my that the issue does not warrant a DSA > > and I should instead just fix it via a jessie point release. > > > > The proposed patch against the package is enclosed, it adds the according > > fixes > > from the upstream repository. > > +gdcm (2.4.4-3+deb8u1) jessie-proposed-updates; urgency=medium > > Simply "jessie" is preferred. > > Please go ahead.
Uploaded and flagged for acceptance. Regards, Adam