On Fri, Mar 17, 2017 at 04:42:59PM -0400, Kei Kebreau wrote:
     
     Judging from the description of the software, it seems like this could
     fit in gnu/packages/image.scm.
     Also, the linter says that this package vulnerable to
     CVE-2015-8979. Supposedly this* upstream patch fixes it. Could you see
     if that fix works for this package?
     
     * https://github.com/commontk/DCMTK/commit/1b6bb76
     

Unfortunately this patch doesn't go in.  It seems that as well as fixing this
vulnerability it also makes some unrelated changes.  Furthermore, it depends
on a whole lot of other patches which are not in this release.

Do we have a procedure on what to do in cases like this?

J'

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.