[Debian-med-packaging] Bug#1093043: Bug#1093047: Bug#1093043: Bug#1093043: dcmtk: CVE-2024-47796
Étienne Mollier
emollier at debian.org
Mon Jan 27 18:57:59 GMT 2025
Hi Salvatore,
Salvatore Bonaccorso, on 2025-01-26:
> On Sat, Jan 18, 2025 at 04:28:55PM +0100, Étienne Mollier wrote:
> > Thanks for the reports, patches apply without much fuzz to dcmtk
> > versions provided in sid, stable and oldstable. I would assume
> > they are all affected by CVE-2024-47796 and CVE-2024-52333, in
> > doubt.
>
> Apologies for the late reply. Thanks for fixing the issues in unstable.
You don't need to apologize, thank you for having sent the
status on your end. :)
I must admit I feel a bit at fault myself as I pondered whether
to liaise with appropriate teams to follow up on stable without
having actually acted, and moved on to other activities in the
meantime (added to that I got caught afk as life happens).
Hopefully the present week will be simpler.
> For bookworm: Can you fix those and ideally as well the other no-dsa
> CVEs in the upcoming point release?
So that I don't miss any, if I follow correctly the security
tracker[1], that means the two CVEs published lately:
* CVE-2024-47796
* CVE-2024-52333
plus these ones from an earlier time:
* CVE-2024-27628
* CVE-2024-28130
* CVE-2024-34508
* CVE-2024-34509
[1]: https://security-tracker.debian.org/tracker/source-package/dcmtk
The first two shouldn't be too difficult. I haven't looked at
the four others yet. If all goes well, I should be able to work
with the Stable release managers upon upcoming weekend, if not
earlier.
Have a nice day, :)
--
.''`. Étienne Mollier <emollier at debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/4, please excuse my verbosity
`- on air: A.C.T - Wailings From a Building