[med-svn] [Git][med-team/dcmtk][master] 3 commits: d/patches: Fix CVE-2022-43272. Closes: #1027165

Mathieu Malaterre (@malat) gitlab at salsa.debian.org
Wed Jan 4 10:17:08 GMT 2023 


Mathieu Malaterre pushed to branch master at Debian Med / dcmtk


Commits:
5246f1f1 by Mathieu Malaterre at 2023-01-04T11:14:53+01:00
d/patches: Fix CVE-2022-43272. Closes: #1027165

- - - - -
3ad07841 by Mathieu Malaterre at 2023-01-04T11:14:53+01:00
d/control: Bump Std-Vers to 4.6.2 no changes needed

- - - - -
813aa719 by Mathieu Malaterre at 2023-01-04T11:15:22+01:00
d/changelog: Upload 3.6.7-8 to unstable

- - - - -


4 changed files:

- debian/changelog
- debian/control
- + debian/patches/c34f4e46e672ad21accf04da0dc085e43be6f5e1.patch
- debian/patches/series


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,10 @@
+dcmtk (3.6.7-8) unstable; urgency=medium
+
+  * d/patches: Fix CVE-2022-43272. Closes: #1027165
+  * d/control: Bump Std-Vers to 4.6.2 no changes needed
+
+ -- Mathieu Malaterre <malat at debian.org>  Wed, 04 Jan 2023 11:15:13 +0100
+
 dcmtk (3.6.7-7) unstable; urgency=medium
 
   [ Andreas Tille ]


=====================================
debian/control
=====================================
@@ -17,7 +17,7 @@ Build-Depends: cmake,
                zlib1g-dev
 Build-Depends-Indep: doxygen,
                      graphviz
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
 Vcs-Browser: https://salsa.debian.org/med-team/dcmtk
 Vcs-Git: https://salsa.debian.org/med-team/dcmtk.git
 Homepage: https://dicom.offis.de/dcmtk


=====================================
debian/patches/c34f4e46e672ad21accf04da0dc085e43be6f5e1.patch
=====================================
@@ -0,0 +1,55 @@
+From c34f4e46e672ad21accf04da0dc085e43be6f5e1 Mon Sep 17 00:00:00 2001
+From: Marco Eichelberg <dicom at offis.de>
+Date: Thu, 9 Jun 2022 10:03:38 +0200
+Subject: [PATCH] Fixed memory leak in single process mode.
+
+Fixed a memory leak in dcmqrscp's single process mode.
+
+Thanks to <songxiangpu at mail.sdu.edu.cn> for the bug report and test data.
+---
+ dcmqrdb/libsrc/dcmqrsrv.cc | 24 ++++++++++--------------
+ 1 file changed, 10 insertions(+), 14 deletions(-)
+
+diff --git a/dcmqrdb/libsrc/dcmqrsrv.cc b/dcmqrdb/libsrc/dcmqrsrv.cc
+index 157e6c022..f5f9df661 100644
+--- a/dcmqrdb/libsrc/dcmqrsrv.cc
++++ b/dcmqrdb/libsrc/dcmqrsrv.cc
+@@ -1,6 +1,6 @@
+ /*
+  *
+- *  Copyright (C) 1993-2021, OFFIS e.V.
++ *  Copyright (C) 1993-2022, OFFIS e.V.
+  *  All rights reserved.  See COPYRIGHT file for details.
+  *
+  *  This software and supporting documentation were developed by
+@@ -1126,21 +1126,17 @@ OFCondition DcmQueryRetrieveSCP::waitForAssociation(T_ASC_Network * theNet)
+ #endif
+     }
+ 
+-    // cleanup code
++    // clean-up association
+     OFCondition oldcond = cond;    /* store condition flag for later use */
+-    if (!options_.singleProcess_ && (cond != ASC_SHUTDOWNAPPLICATION))
++    cond = ASC_dropAssociation(assoc);
++    if (cond.bad())
+     {
+-        /* the child will handle the association, we can drop it */
+-        cond = ASC_dropAssociation(assoc);
+-        if (cond.bad())
+-        {
+-            DCMQRDB_ERROR("Cannot Drop Association: " << DimseCondition::dump(temp_str, cond));
+-        }
+-        cond = ASC_destroyAssociation(&assoc);
+-        if (cond.bad())
+-        {
+-            DCMQRDB_ERROR("Cannot Destroy Association: " << DimseCondition::dump(temp_str, cond));
+-        }
++        DCMQRDB_ERROR("Cannot Drop Association: " << DimseCondition::dump(temp_str, cond));
++    }
++    cond = ASC_destroyAssociation(&assoc);
++    if (cond.bad())
++    {
++        DCMQRDB_ERROR("Cannot Destroy Association: " << DimseCondition::dump(temp_str, cond));
+     }
+ 
+     if (oldcond == ASC_SHUTDOWNAPPLICATION) cond = oldcond; /* abort flag is reported to top-level wait loop */


=====================================
debian/patches/series
=====================================
@@ -9,3 +9,4 @@
 #ab61e8577ff0974efcfae2907c48baf6023c1160.patch
 #1c8cca4bf6f7c92fc16f9e66faf49409c891a2b0.patch
 f06a867513524664a1b03dfcf812d8b60fdd02cc.patch
+c34f4e46e672ad21accf04da0dc085e43be6f5e1.patch



View it on GitLab: https://salsa.debian.org/med-team/dcmtk/-/compare/e6fdde0b35acf9c66874d6bbdb2f396b0721536a...813aa7194f1df7724db0baf8c593e1a700b0d976

-- 
View it on GitLab: https://salsa.debian.org/med-team/dcmtk/-/compare/e6fdde0b35acf9c66874d6bbdb2f396b0721536a...813aa7194f1df7724db0baf8c593e1a700b0d976
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-med-commit/attachments/20230104/df8ce3d6/attachment-0001.htm>

More information about the debian-med-commit mailing list