[Debian-med-packaging] Bug#1014044: dcmtk: Multiple CVEs reported
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 19 20:15:45 BST 2022
Control: clone -1 -2
Control: retitle -1 dcmtk: CVE-2022-2121
Control: retitle -2 dcmtk: CVE-2022-2119 CVE-2022-2120
Control: fixed -1 3.6.7-1
Hi
On Wed, Jun 29, 2022 at 10:43:59AM +0200, Mathieu Malaterre wrote:
> Package: dcmtk
> Version: 3.6.5-1
> Severity: important
>
> Dear Maintainer,
>
> Multiples CVEs have been reported against DCMTK:
>
> - CVE-2022-2119
> - CVE-2022-2120
> - CVE-2022-2121
>
> Should we track them ? Should it be handled by debian-security team ?
Cloning/splitting this bug in two because CVE-2022-2121 got fixed in
the 3.6.7 release upstream but CVE-2022-2120 and CVE-2022-2121 only
afterwards.
Regards,
Salvatore
More information about the Debian-med-packaging
mailing list