Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits: d3cf1fcf by Adrian Bunk at 2025-01-31T23:03:54+02:00 Reserve DLA-4038-1 for dcmtk - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -76051,14 +76051,12 @@ CVE-2024-34509 (dcmdata in DCMTK before 3.6.9 has a segmentation fault via an in {DLA-3847-1} - dcmtk 3.6.7-14 [bookworm] - dcmtk <no-dsa> (Minor issue) - [bullseye] - dcmtk <no-dsa> (Minor issue) NOTE: https://support.dcmtk.org/redmine/issues/1114 NOTE: https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5 CVE-2024-34508 (dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid D ...) {DLA-3847-1} - dcmtk 3.6.7-14 [bookworm] - dcmtk <no-dsa> (Minor issue) - [bullseye] - dcmtk <no-dsa> (Minor issue) NOTE: https://support.dcmtk.org/redmine/issues/1114 NOTE: https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5 CVE-2024-34507 (An issue was discovered in includes/CommentFormatter/CommentParser.php ...) @@ -81057,7 +81055,6 @@ CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSof {DLA-3847-1} - dcmtk 3.6.7-14 (bug #1070207) [bookworm] - dcmtk <no-dsa> (Minor issue) - [bullseye] - dcmtk <no-dsa> (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957 NOTE: https://support.dcmtk.org/redmine/issues/1120 NOTE: https://github.com/DCMTK/dcmtk/commit/dc6a2446dc03c9db90f82ce17a597f2cd53776c5 
@@ -192899,7 +192896,6 @@ CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_A {DLA-3847-1} [experimental] - dcmtk 3.6.8~git20221013.51be018-1 - dcmtk 3.6.7-8 (bug #1027165) - [bullseye] - dcmtk <no-dsa> (Minor issue) NOTE: https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7 NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/c34f4e46e672ad21accf04da0dc085e43be6f5e1 CVE-2022-43271 (Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered t ...) @@ -218807,7 +218803,6 @@ CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompressio CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...) {DLA-3847-1} - dcmtk 3.6.7-1 (bug #1014044) - [bullseye] - dcmtk <no-dsa> (Minor issue) NOTE: https://support.dcmtk.org/redmine/issues/1021 NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f (DCMTK-3.6.7) CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...) 
@@ -271935,22 +271930,18 @@ CVE-2021-41691 CVE-2021-41690 (DCMTK through 3.6.6 does not handle memory free properly. The malloced ...) {DLA-3847-1} - dcmtk 3.6.7-1 - [bullseye] - dcmtk <no-dsa> (Minor issue) NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7) CVE-2021-41689 (DCMTK through 3.6.6 does not handle string copy properly. Sending spec ...) {DLA-3847-1} - dcmtk 3.6.7-1 - [bullseye] - dcmtk <no-dsa> (Minor issue) NOTE: https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d (DCMTK-3.6.7) CVE-2021-41688 (DCMTK through 3.6.6 does not handle memory free properly. The object i ...) {DLA-3847-1} - dcmtk 3.6.7-1 - [bullseye] - dcmtk <no-dsa> (Minor issue) NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7) CVE-2021-41687 (DCMTK through 3.6.6 does not handle memory free properly. The program ...) {DLA-3847-1} - dcmtk 3.6.7-1 - [bullseye] - dcmtk <no-dsa> (Minor issue) NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7) CVE-2021-41686 RESERVED ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[31 Jan 2025] DLA-4038-1 dcmtk - security update + {CVE-2021-41687 CVE-2021-41688 CVE-2021-41689 CVE-2021-41690 CVE-2022-2121 CVE-2022-43272 CVE-2024-28130 CVE-2024-34508 CVE-2024-34509 CVE-2024-47796 CVE-2024-52333} + [bullseye] - dcmtk 3.6.5-1+deb11u1 [31 Jan 2025] DLA-4037-1 openjdk-11 - security update {CVE-2025-21502} [bullseye] - openjdk-11 11.0.26+4-1~deb11u1 ===================================== data/dla-needed.txt ===================================== 
@@ -59,10 +59,6 @@ ckeditor3 NOTE: 20241002: rouca to check EOL'd ckeditor3 -> ckeditor[v4] upgrade path NOTE: 20241002: https://lists.debian.org/debian-lts/2024/10/msg00003.html -- -dcmtk (Adrian Bunk) - NOTE: 20250117: Added by Front-Desk (rouca) - NOTE: 20250117: Multiple CVEs have been piling up (rouca/front-desk) --- djoser NOTE: 20250117: Added by Front-Desk (rouca) -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3cf1fcf56b514a5bba418eb09b358cc55da8cf1
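Review bot: the CVE set on the new DLA-4038-1 entry in data/DLA/list names CVE-2024-47796 and CVE-2024-52333, but none of the data/CVE/list hunks in this commit touch those two entries, while the other nine CVEs each lose their `[bullseye] - dcmtk <no-dsa> (Minor issue)` line. It is worth confirming that the two untouched entries carry no bullseye triage line (no-dsa, postponed or similar) that would now disagree with the `[bullseye] - dcmtk 3.6.5-1+deb11u1` fixed version recorded for the DLA.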
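Review bot: in the data/CVE/list hunks the unchanged context still shows only `{DLA-3847-1}` as the cross-reference on every entry whose bullseye `<no-dsa>` line is removed. If those `{...}` lines are not regenerated from data/DLA/list by a later automatic update, they should gain DLA-4038-1 so that each CVE entry points at the advisory that now fixes it in bullseye.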