diffstat for invesalius-3.1.99998 invesalius-3.1.99998

 changelog                                         |    7 ++++
 patches/0001-Removed-eval-from-dicom.py-820.patch |   34 ++++++++++++++++++++++
 patches/series                                    |    1 
 3 files changed, 42 insertions(+)

diff -Nru invesalius-3.1.99998/debian/changelog invesalius-3.1.99998/debian/changelog
--- invesalius-3.1.99998/debian/changelog	2025-02-16 15:50:44.000000000 +0200
+++ invesalius-3.1.99998/debian/changelog	2026-05-07 12:33:58.000000000 +0300
@@ -1,3 +1,10 @@
+invesalius (3.1.99998-7.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2024-42845: eval injection in DICOM reader (Closes: #1082875)
+
+ -- Adrian Bunk <bunk@debian.org>  Thu, 07 May 2026 12:33:58 +0300
+
 invesalius (3.1.99998-7) unstable; urgency=medium
 
   * Team upload.
diff -Nru invesalius-3.1.99998/debian/patches/0001-Removed-eval-from-dicom.py-820.patch invesalius-3.1.99998/debian/patches/0001-Removed-eval-from-dicom.py-820.patch
--- invesalius-3.1.99998/debian/patches/0001-Removed-eval-from-dicom.py-820.patch	1970-01-01 02:00:00.000000000 +0200
+++ invesalius-3.1.99998/debian/patches/0001-Removed-eval-from-dicom.py-820.patch	2026-05-07 12:33:32.000000000 +0300
@@ -0,0 +1,34 @@
+From 9f3257b9488ca1ca85827028606ffb7bce44648c Mon Sep 17 00:00:00 2001
+From: Thiago Franco de Moraes <totonixsame@gmail.com>
+Date: Mon, 5 Aug 2024 10:41:11 -0300
+Subject: Removed eval from dicom.py (#820)
+
+---
+ invesalius/reader/dicom.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/invesalius/reader/dicom.py b/invesalius/reader/dicom.py
+index 4aba9c7f..f68ba56f 100644
+--- a/invesalius/reader/dicom.py
++++ b/invesalius/reader/dicom.py
+@@ -443,7 +443,7 @@ class Parser:
+         except (KeyError):
+             return ""
+         if data:
+-            return [eval(value) for value in data.split("\\")]
++            return [float(value) for value in data.split("\\")]
+         return ""
+ 
+     def GetImageLocation(self):
+@@ -456,7 +456,7 @@ class Parser:
+         """
+         data = self.data_image[str(0x020)][str(0x1041)]
+         if data:
+-            return eval(data)
++            return float(data)
+         return ""
+ 
+     def GetImageOffset(self):
+-- 
+2.47.3
+
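Review bot: The new `float(value)` in the hunk at line 443 of dicom.py and `float(data)` in GetImageLocation raise ValueError on any empty or non-numeric component. The only handler visible is `except (KeyError)` around the lookup, so a malformed or hostile DICOM file would, as far as these hunks show, raise out of the parser instead of reaching the existing `return ""` fallback. I would wrap each conversion and keep the fallback, e.g. `try: return float(data)` / `except ValueError: return ""`, and do the same around the list comprehension. `float()` also accepts `nan`, `inf` and underscore-separated digits, so if downstream geometry code assumes finite values, a `math.isfinite` check belongs here too. Both method bodies start outside the hunks, and whether other `eval` calls remain in dicom.py cannot be told from this patch, so a grep of the reader package is worth doing before closing the CVE.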
diff -Nru invesalius-3.1.99998/debian/patches/series invesalius-3.1.99998/debian/patches/series
--- invesalius-3.1.99998/debian/patches/series	2025-02-16 15:50:44.000000000 +0200
+++ invesalius-3.1.99998/debian/patches/series	2026-05-07 12:33:57.000000000 +0300
@@ -7,3 +7,4 @@
 python3.13
 fix-my-types.patch
 workaround-dropped-inner1d.patch
+0001-Removed-eval-from-dicom.py-820.patch
