Your message dated Wed, 19 Feb 2025 16:02:29 +0000
with message-id <e1tkmwr-00acig...@fasolo.debian.org>
and subject line Bug#1074483: fixed in dcmtk 3.6.7-9~deb12u2
has caused the Debian Bug report #1074483,
regarding dcmtk: CVE-2024-27628
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1074483: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074483
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dcmtk
Version: 3.6.7-15
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://support.dcmtk.org/redmine/issues/1108
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.6.7-9~deb12u1
Hi,
The following vulnerability was published for dcmtk.
CVE-2024-27628[0]:
| Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to
| execute arbitrary code via the EctEnhancedCT method component.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-27628
https://www.cve.org/CVERecord?id=CVE-2024-27628
[1] https://support.dcmtk.org/redmine/issues/1108
[2] https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.6.7-9~deb12u2
Done: Étienne Mollier <emoll...@debian.org>
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1074...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <emoll...@debian.org> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 01 Feb 2025 20:09:27 +0100
Source: dcmtk
Architecture: source
Version: 3.6.7-9~deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packag...@lists.alioth.debian.org>
Changed-By: Étienne Mollier <emoll...@debian.org>
Closes: 1074483 1093043 1093047
Changes:
dcmtk (3.6.7-9~deb12u2) bookworm; urgency=medium
.
* Team upload.
* 0007-CVE-2024-47796.patch: new.
This patch addresses CVE-2024-47796. (Closes: #1093043)
* 0008-CVE-2024-52333.patch: new.
This patch addresses CVE-2024-52333. (Closes: #1093047)
* 0009-CVE-2024-27628.patch: new.
This patch fixes CVE-2024-27628. (Closes: #1074483)
* 0010-CVE-2024-34508-34509.patch: new.
This patch fixes CVE-2024-34508 and CVE-2024-34509.
* 0011-CVE-2024-34508-34509_bis.patch: new.
This introduces upstream's fix to the test regression introduced by
the mitigation against CVE-2024-34508 and CVE-2024-34509.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---