John Darrington <john@darrington.wattle.id.au> writes:

> On Fri, Mar 17, 2017 at 04:42:59PM -0400, Kei Kebreau wrote:
>      
>      Judging from the description of the software, it seems like this could
>      fit in gnu/packages/image.scm.
>      Also, the linter says that this package vulnerable to
>      CVE-2015-8979. Supposedly this* upstream patch fixes it. Could you see
>      if that fix works for this package?
>      
>      * https://github.com/commontk/DCMTK/commit/1b6bb76
>      
>
> Unfortunately this patch doesn't go in.  It seems that as well as fixing this
> vulnerability it also makes some unrelated changes.  Furthermore, it depends
> on a whole lot of other patches which are not in this release.
>
> Do we have a procedure on what to do in cases like this?
>
> J'

I don't know if we have an official procedure, though we could try using
a later git snapshot with the security patch already integrated.
Hopefully that provides functionality compatible to that of the stable
release, though it's at least a five year difference between release times.

http://git.cmtk.org/?p=dcmtk.git,a=tags