Your message dated Mon, 08 Jul 2024 11:49:17 +0000
with message-id <e1sqmrt-004qwr...@fasolo.debian.org>
and subject line Bug#1074483: fixed in dcmtk 3.6.8-6
has caused the Debian Bug report #1074483,
regarding dcmtk: CVE-2024-27628
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1074483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074483
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dcmtk
Version: 3.6.7-15
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://support.dcmtk.org/redmine/issues/1108
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.6.7-9~deb12u1
Hi,
The following vulnerability was published for dcmtk.
CVE-2024-27628[0]:
| Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to
| execute arbitrary code via the EctEnhancedCT method component.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-27628
https://www.cve.org/CVERecord?id=CVE-2024-27628
[1] https://support.dcmtk.org/redmine/issues/1108
[2]
https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.6.8-6
Done: Mathieu Malaterre <ma...@debian.org>
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mathieu Malaterre <ma...@debian.org> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 08 Jul 2024 13:31:04 +0200
Source: dcmtk
Architecture: source
Version: 3.6.8-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team
<debian-med-packag...@lists.alioth.debian.org>
Changed-By: Mathieu Malaterre <ma...@debian.org>
Closes: 1074483 1075917
Changes:
dcmtk (3.6.8-6) unstable; urgency=medium
.
* d/t/run-unit-test: Fix unit-test for new release. Closes: #1075917
* d/patches: Fixed possible overflows when allocating memory. Closes:
#1074483
Checksums-Sha1:
c6414c45739e82603f38bec31a4e6b4295189137 2410 dcmtk_3.6.8-6.dsc
cb24d221b83165ff0a7a396d791bc45558e3fd63 56852 dcmtk_3.6.8-6.debian.tar.xz
93a29df61cb84084514eef7dd1b5444ff8a59898 9040 dcmtk_3.6.8-6_source.buildinfo
Checksums-Sha256:
76a67b74abcc6fffd0727e24a68a8a0def6a093de46567e384ae8d834b7d7a82 2410
dcmtk_3.6.8-6.dsc
b965dc6dc37e85bef66b03473f6ccac504f7c417370217ec8412ad636b3bfef1 56852
dcmtk_3.6.8-6.debian.tar.xz
220a00452e14836125f617cfe3bf2b5ff7b1a18e3ea4b763a3c49cc5a98750ad 9040
dcmtk_3.6.8-6_source.buildinfo
Files:
f6def198d0fb6f9ae6c422fd630bfdaa 2410 science optional dcmtk_3.6.8-6.dsc
df03a54ddab175e7b5f7aeca8342b072 56852 science optional
dcmtk_3.6.8-6.debian.tar.xz
3796d0e1aca9d9b73b4bb280420effe9 9040 science optional
dcmtk_3.6.8-6_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEaTNn/67NjqrNHwY7AXHhgorgk0UFAmaLzjwRHG1hbGF0QGRl
Ymlhbi5vcmcACgkQAXHhgorgk0VszA//cBIC39JDAQjDyzp3sK+0MxI2Fg29bUre
B0yhYDD90H3PdOzMhv9l/Pd4FfIHmd1xefdz7scgzhr5QC9uJDk0OIvT2Ndmb14d
nY+g3vVA1Nu+GGQef6d8JazG66cTHGxsxrzloo3x1mKaBI6CsbbkY/5eO+EHB7rq
FFwrdH9v/GDfSN1hRZSg8KQTpZRXGBEs/6xIShivbcSMMhJjVbEmjn6s65m9fGqr
uiRHmZ0X6AEsd3cF5ryHhXlUFXJUghBF9ctXLJkju15JZ1J4dVyI0diW7jSNfkZ9
IJf6byjiIJjcaIoJw/mj/dvVMKbOXd0SyH95lRdBZ7w481jl1JhkdpJDXWSc9ymZ
QrQ7NOSyGSuVuXlOfm0zZ7k/GXtVOPoOAIkHHO6Rh/c+r+lM5oguiVKc5N+3d/Aj
CFoEv/QnlcYlb270YLWL4yYZzCTYMcH0aXm1kIGG0n+cCLnxQBOnGL4j883+C33v
zC/b2zgrIJ2eRqc6qFHZsW/qSHxHuTHwnaAGoBBKz9J1D9BnP9DJFk/4CUCWPoGD
hYWT43vYJ2bs8ky1irLjAbBqiDTaQ4vY1UuFbr7kQiuAg9NVh7elUnVp5bZxLBYn
Pe+mpXI/UhtapyNcW5K5Zyi7oi/iWheLk+yQvsl1OyMCc9YjklvBVb2yircIhnEn
dvCRfBrb2ow=
=HDFv
-----END PGP SIGNATURE-----
pgpr10O4yg1Df.pgp
Description: PGP signature
--- End Message ---
