[Debian-med-packaging] Bug#1093043: dcmtk: leftover CVE status.
Étienne Mollier
emollier at debian.org
Sat Feb 1 19:32:17 GMT 2025
Hello,
I tried to have a closer look at CVE-2024-28130 in dcmtk in
bookworm and noted there were ports of fixes to Debian bullseye
LTS earlier that year. Either by picking upstream commits or by
fetching LTS patches, changes were sufficiently involved that I
didn't feel confident to make the necessary adjustments myself.
I have otherwise pushed a few changes on Salsa to address the
CVE-2024-34508 and CVE-2024-34509; in addition to the fix, it
was necessary to make a small adjustment to address a regression
in a test item, for which I pulled another upstream change.
I believe these changes in dcmtk are good enough to contact the
stable release manager for an upload in the upcoming point
release and will proceed.
Have a nice day, :)
--
.''`. Étienne Mollier <emollier at debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/3, please excuse my verbosity
`- on air: The Flower Kings - Garden of Dreams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20250201/b6ead8d6/attachment-0002.sig>
More information about the Debian-med-packaging
mailing list