Hi Adam, Adam D. Barratt, on 2025-03-07: > On Thu, 2025-02-20 at 22:12 +0100, Étienne Mollier wrote: > > Étienne Mollier, on 2025-02-19: > > > Étienne Mollier, on 2025-02-19: > > > > We've been informed of a couple of supplemental security issues > > > > in dcmtk, see #1098373 about CVE-2025-25475 and #1098374 about > > > > CVE-2025-25474. Given how the patch set applies without > > > > problems, I suspect dcmtk in stable is affected too, and that we > > > > might want to include the fixes in the present proposed update. > > > > Fixes are not in unstable as of now, but they will soon. > > > > > > In addition, there is CVE-2025-25472, caused by the initial fix > > > for CVE-2024-47796. > > > > I attach a debdiff proposal to include the recently introduced > > patches in unstable to fix CVE-2025-25475, CVE-2025-25474 and > > CVE-2025-25472 in addition to the changes initially required to > > get CVE-2024-28130 sorted. > > Please go ahead.
Thanks for the go, I was worried that the situation with the multiple issues that cropped up after opening the request would make the review more delicate, and I didn't really expect the present revision to make it to 12.10 anymore. I have proceeded to the upload. Have a nice day, :) -- .''`. Étienne Mollier <emoll...@debian.org> : :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da `. `' sent from /dev/pts/3, please excuse my verbosity `- on air: Eye 2 Eye - Garden Of Eden
signature.asc
Description: PGP signature
