Re: Proven packager help request: DCMTK (and dependent packages) require update in F29/F30

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Ankur Sinha wrote on 2019/09/13 23:07:
Hello,

A CVE[1] in dcmtk was fixed in 3.6.4 which is in F31+. F29 and F30 are
still at 3.6.2 however, and need updating. This includes a soname bump
([2] vs [3]), though, so dependent packages will also need to be rebuilt
and pushed as updates all at once.

sudo dnf repoquery --source --whatrequires 'libdcm*(64bit)'
[sudo] password for asinha:
Last metadata expiration check: 0:53:07 ago on Fri 13 Sep 2019 14:07:55 BST.
OpenImageIO-2.0.7-1.fc30.src.rpm
OpenImageIO-2.0.9-1.fc30.src.rpm
aeskulap-0.2.2-0.37.beta2.fc30.src.rpm
ctk-0.1-0.10.20171224git71799c2.fc29.src.rpm
dcmtk-3.6.2-4.fc29.src.rpm
gtatool-2.2.0-11.fc28.src.rpm
gtatool-2.2.3-1.fc30.src.rpm
orthanc-1.5.4-1.fc30.src.rpm


They all build correctly in F31 with the new version, so I do not expect
any build failures. Could I please solicit the help of a proven-packager
to rebuild them all in F29/F30 and push combined updates please?

If you maintain any of these packages and have any concerns, please let
us know.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1732222
[2] https://koji.fedoraproject.org/koji/rpminfo?rpmID=14644638
[3] https://koji.fedoraproject.org/koji/rpminfo?rpmID=18968192

Well, actually some google search result is that the actual fix seems
https://github.com/commontk/DCMTK/commit/40917614e
and the tracker is
https://support.dcmtk.org/redmine/issues/858

ref: https://nvd.nist.gov/vuln/detail/CVE-2019-1010228

So it seems if the above patch only can be applied, no rebuild is
needed.

Regards,
Mamoru

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux