Ankur Sinha wrote on 2019/09/14 2:58:
On Fri, Sep 13, 2019 23:20:50 +0900, Mamoru TASAKA wrote:
Ankur Sinha wrote on 2019/09/13 23:07:
Well, actually some google search result is that the actual fix seems
https://github.com/commontk/DCMTK/commit/40917614e
and the tracker is
https://support.dcmtk.org/redmine/issues/858

ref: https://nvd.nist.gov/vuln/detail/CVE-2019-1010228

So it seems if the above patch only can be applied, no rebuild is
needed.

Sure, I could do that---would that be the suggested thing to do?

Given that we have evidence that the dependent tools build properly,
this is a low risk update. So, I was hoping to update to the current
version to also give users the advantage of other fixes/enhancements
than carry a patch for the one fix---especially for F30 which still has
quite a life to live.


As written on https://fedoraproject.org/wiki/Updates_Policy#Philosophy
updates should aim to fix bugs and not to introduce features. And changing
ABI is discouraged unless avoided.

Regards,
Mamoru


_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Reply via email to