Control: tags -1 + confirmed On Thu, 2025-02-20 at 22:12 +0100, Étienne Mollier wrote: > Greetings, > > Étienne Mollier, on 2025-02-19: > > Étienne Mollier, on 2025-02-19: > > > We've been informed of a couple of supplemental security issues > > > in dcmtk, see #1098373 about CVE-2025-25475 and #1098374 about > > > CVE-2025-25474. Given how the patch set applies without > > > problems, I suspect dcmtk in stable is affected too, and that we > > > might want to include the fixes in the present proposed update. > > > Fixes are not in unstable as of now, but they will soon. > > > > In addition, there is CVE-2025-25472, caused by the initial fix > > for CVE-2024-47796. > > I attach a debdiff proposal to include the recently introduced > patches in unstable to fix CVE-2025-25475, CVE-2025-25474 and > CVE-2025-25472 in addition to the changes initially required to > get CVE-2024-28130 sorted.
Please go ahead. Regards, Adam
