[Debian-med-packaging] Bug#1070387: Bug#1070387: gdcm: CVE-2024-25569 CVE-2024-22373 CVE-2024-22391

Étienne Mollier emollier at debian.org
Sun May 5 21:01:10 BST 2024


Control: found -1 3.0.21-1
Control: found -1 3.0.8-2
Control: fixed -1 3.0.24-1

Hi Moritz,

Thanks for the tracking and the triaging of these issues!

Moritz Mühlenhoff, on 2024-05-04:
> Please adjust the affected versions in the BTS as needed.

Done with the present email; an upload of 3.0.24-1 is on the way
in unstable.  I'm afraid I'm not sure how to test those
vulnerabilities, but mitigations brought by Mathieu apply with
no fuzz, or just a little, to gdcm in stable and oldstable (and
possibly oldoldstable), so I'm inclined to assume they are
affected.  Hi Mathieu, don't hesitate to chime in if you have
some insights on applying the mitigations on older versions.

I'm still running extensive tests at the moment against (build)
reverse dependencies, but there were no issues directly induced
by the newer gdcm version so far.  I'm considering liaising with
Stable Release Managers to get gdcm fixed there too in upcoming
point releases, if that helps.

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier <emollier at debian.org>
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/2, please excuse my verbosity
   `-    on air: Alta Forma - Apocalyptus