Your message dated Sat, 08 Mar 2025 16:17:09 +0000
with message-id <e1tqwrn-007vsg...@fasolo.debian.org>
and subject line Bug#1098374: fixed in dcmtk 3.6.7-9~deb12u3
has caused the Debian Bug report #1098374,
regarding dcmtk: CVE-2025-25474
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1098374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098374
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dcmtk
Version: 3.6.9-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for dcmtk.
CVE-2025-25474[0]:
| DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via
| the component /dcmimgle/diinpxt.h.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-25474
https://www.cve.org/CVERecord?id=CVE-2025-25474
[1] https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.6.7-9~deb12u3
Done: Étienne Mollier <emoll...@debian.org>
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1098...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <emoll...@debian.org> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 20 Feb 2025 21:59:03 +0100
Source: dcmtk
Architecture: source
Version: 3.6.7-9~deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packag...@lists.alioth.debian.org>
Changed-By: Étienne Mollier <emoll...@debian.org>
Closes: 1070207 1098373 1098374
Changes:
 dcmtk (3.6.7-9~deb12u3) bookworm; urgency=medium
 .
   * Team upload.
   * Introduce patch series to fix CVE-2024-28130.
     This change introduces the patches:
       * 0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch
       * 0002-Fixed-unchecked-typecasts-and-fixed-LUT-handling.patch
       * 0003-Fixed-wrong-error-handling-previous-commit.patch
     mapping to upstream commits:
       * dc6a2446dc03c9db90f82ce17a597f2cd53776c5
       * 601b227eecaab33a3a3a11dc256d84b1a62f63af
       * 7d54f8efec995e5601d089fa17b0625c2b41af23
     with the nuance that upstream check functions are inlined, in order to
     avoid an ABI breakage.
     Thanks to Adrian Bunk (Closes: #1070207)
   * 0009-CVE-2025-25475.patch: new: fix CVE-2025-25475. (Closes: #1098373)
   * 0010-CVE-2025-25474.patch: new: fix CVE-2025-25474. (Closes: #1098374)
   * 0011-CVE-2025-25472.patch: new: fix CVE-2025-25472.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---