Ankur Sinha wrote on 2019/09/14 2:58:
On Fri, Sep 13, 2019 23:20:50 +0900, Mamoru TASAKA wrote:
Ankur Sinha wrote on 2019/09/13 23:07:
Well, actually some google search result is that the actual fix seems
https://github.com/commontk/DCMTK/commit/40917614e
and the tracker is
https://support.dcmtk.org/redmine/issues/858
ref: https://nvd.nist.gov/vuln/detail/CVE-2019-1010228
So it seems if the above patch only can be applied, no rebuild is
needed.
Sure, I could do that---would that be the suggested thing to do?
Given that we have evidence that the dependent tools build properly,
this is a low risk update. So, I was hoping to update to the current
version to also give users the advantage of other fixes/enhancements
than carry a patch for the one fix---especially for F30 which still has
quite a life to live.
As written on https://fedoraproject.org/wiki/Updates_Policy#Philosophy
updates should aim to fix bugs and not to introduce features. And changing
ABI is discouraged unless avoided.
Regards,
Mamoru
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
