[Debian-med-packaging] Bug#1093043: Bug#1093047: Bug#1093043: Bug#1093043: dcmtk: CVE-2024-47796

Étienne Mollier emollier at debian.org
Mon Jan 27 18:57:59 GMT 2025


Hi Salvatore,

Salvatore Bonaccorso, on 2025-01-26:
> On Sat, Jan 18, 2025 at 04:28:55PM +0100, Étienne Mollier wrote:
> > Thanks for the reports, patches apply without much fuzz to dcmtk
> > versions provided in sid, stable and oldstable.  I would assume
> > they are all affected by CVE-2024-47796 and CVE-2024-52333, in
> > doubt.
> 
> Apologies for the late reply. Thanks for fixing the issues in unstable.

You don't need to apologize, thank you for having sent the
status on your end.  :)

I must admit I feel a bit at fault myself as I pondered whether
to liaise with appropriate teams to follow up on stable without
having actually acted, and moved on to other activities in the
meantime (added to that I got caught afk as life happens).
Hopefully the present week will be simpler.

> For bookworm: Can you fix those and ideally as well the other no-dsa
> CVEs in the upcoming point release?

So that I don't miss any, if I follow correctly the security
tracker[1], that means the two CVEs published lately:

  * CVE-2024-47796
  * CVE-2024-52333

plus these ones from an earlier time:

  * CVE-2024-27628
  * CVE-2024-28130
  * CVE-2024-34508
  * CVE-2024-34509

[1]: https://security-tracker.debian.org/tracker/source-package/dcmtk

The first two shouldn't be too difficult.  I haven't looked at
the four others yet.  If all goes well, I should be able to work
with the Stable release managers on the upcoming weekend, if not
earlier.

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier <emollier at debian.org>
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/4, please excuse my verbosity
   `-    on air: A.C.T - Wailings From a Building