Your message dated Thu, 22 Aug 2024 05:32:08 +0000
with message-id <e1sh0qa-00fmkc...@fasolo.debian.org>
and subject line Bug#1074534: fixed in dcm2niix 1.0.20220720-1+deb12u1
has caused the Debian Bug report #1074534,
regarding dcm2niix: CVE-2024-27629
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1074534: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074534
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dcm2niix
Version: 1.0.20220720-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/rordenlab/dcm2niix/pull/789
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for dcm2niix.

CVE-2024-27629[0]:
| An issue in dcm2niix before v.1.0.20240202 allows a local attacker to
| execute arbitrary code via the generated file name is not properly
| escaped and injected into a system call when certain types of
| compression are used.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27629
    https://www.cve.org/CVERecord?id=CVE-2024-27629
[1] https://github.com/rordenlab/dcm2niix/pull/789

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
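
The class of bug described by the CVE text in the report above, as an added example that is not part of the original thread and is neither dcm2niix code nor the upstream patch. It shows the shell-string pattern as a comment beside a hardened form that passes the generated file name as a single `argv` element; the tool name `gzip`, the function names and the sample file name are assumptions.

```c
/* Added example: not dcm2niix code and not the upstream patch.
 * Tool names and function names are assumptions for illustration. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the CVE text describes (comment only, never executed here):
 *   snprintf(cmd, sizeof cmd, "gzip -f \"%s\"", path);
 *   system(cmd);   -- /bin/sh parses cmd, so quotes, $ and ` in path are syntax
 */

/* Run argv[0] directly, with no shell in between.
 * Returns the child's exit status, or -1 if it could not be started/reaped. */
int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Hardened form: the generated name is exactly one argv element, and "--"
 * ends option parsing so a name starting with '-' is not read as a flag. */
int compress_output(const char *tool, const char *path)
{
    char *const argv[] = { (char *)tool, "-f", "--", (char *)path, NULL };
    return run_argv(argv);
}

int main(void)
{
    /* Constructed sample name containing shell syntax. */
    const char *name = "/tmp/scan_$(touch INJECTED).nii";
    FILE *f = fopen(name, "w");
    if (!f)
        return 1;
    fputs("constructed sample data\n", f);
    fclose(f);
    printf("gzip exit status: %d\n", compress_output("gzip", name));
    return 0;
}
```

Because no shell parses the name, the tool receives it byte for byte and no `INJECTED` file appears in the working directory.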
--- Begin Message ---
Source: dcm2niix
Source-Version: 1.0.20220720-1+deb12u1
Done: Étienne Mollier <emoll...@debian.org>

We believe that the bug you reported is fixed in the latest version of
dcm2niix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Étienne Mollier <emoll...@debian.org> (supplier of updated dcm2niix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Aug 2024 21:49:01 +0200
Source: dcm2niix
Architecture: source
Version: 1.0.20220720-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packag...@lists.alioth.debian.org>
Changed-By: Étienne Mollier <emoll...@debian.org>
Closes: 1074534
Changes:
 dcm2niix (1.0.20220720-1+deb12u1) bookworm; urgency=medium
 .
   * Team upload.
   * CVE-2024-27629.patch: new: fix risk of arbitrary code execution.
     Fixes: CVE-2024-27629 (Closes: #1074534)
Checksums-Sha1:
 5c24a053e21874dc50f31847fb15a4ef08983199 2622 dcm2niix_1.0.20220720-1+deb12u1.dsc
 c3ae814bcfff20208720ea2a2e57b68fbd30af87 6332 dcm2niix_1.0.20220720-1+deb12u1.debian.tar.xz
Checksums-Sha256:
 c8df4102743dd56da7bcca1d7f92137b06ae567c8a18a8b3c87925fef90d88cd 2622 dcm2niix_1.0.20220720-1+deb12u1.dsc
 c0819f7c06fb8c9f571aa50f4e17ee18c28d9018d97d967d87ce20af1b46b826 6332 dcm2niix_1.0.20220720-1+deb12u1.debian.tar.xz
Files:
 e5c4e135f2389a9869744f1c9a641410 2622 science optional dcm2niix_1.0.20220720-1+deb12u1.dsc
 ec2da60960e31b0016bcb396957dd8d6 6332 science optional dcm2niix_1.0.20220720-1+deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
