Hi Étienne,

On Tue, Jul 07, 2026 at 07:51:54PM +0200, Étienne Mollier wrote:
> Hi Salvatore,
> 
> Salvatore Bonaccorso, on 2026-07-04:
> > I still filled this as RC level, but I'm unsure if they really would
> > warrant a security advisory, in particular the critical rated one
> > needs to connect to a malicious DICOM server.
> 
> Thank you for your assessment, I have reviewed the changes, they
> are numerous, and I believe more prudent to have them lingering
> a bit in stable-pu.  I'll coordinate with Stable Release
> Managers for the publication of mitigations applicable to the
> older dcmtk version in stable.

Thanks for your judgment. I will mark those issues as no-dsa in the
security-tracker for trixie, I would say LTS should at least mark them
postponed then for now until upper suites are fixed and enough
confident.

Sorry for having filled one single bug covering multiple issues this
time, but we have to batch them bit for making sure things are fixed
in unstable. It would be nicer to have individual one so version
trackiing can properly set up.

Regards,
Salvatore

Reply via email to