[Debian-med-packaging] Bug#1093043: Bug#1093047: Bug#1093043: Bug#1093043: dcmtk: CVE-2024-47796

Salvatore Bonaccorso carnil at debian.org
Mon Jan 27 19:23:58 GMT 2025


Hi Étienne,

On Mon, Jan 27, 2025 at 07:57:59PM +0100, Étienne Mollier wrote:
> Hi Salvatore,
> 
> Salvatore Bonaccorso, on 2025-01-26:
> > On Sat, Jan 18, 2025 at 04:28:55PM +0100, Étienne Mollier wrote:
> > > Thanks for the reports, patches apply without much fuzz to dcmtk
> > > versions provided in sid, stable and oldstable.  I would assume
> > > they are all affected by CVE-2024-47796 and CVE-2024-52333, in
> > > doubt.
> > 
> > Apologies for the late reply. Thanks for fixing the issues in unstable.
> 
> You don't need to apologize, thank you for having sent the
> status on your end.  :)
> 
> I must admit I feel a bit at fault myself as I pondered whether
> to liaise with appropriate teams to follow up on stable without
> having actually acted, and moved on other activities in the
> meantime (added to that I got caught afk as life happens).
> Hopefully the present week will be simpler.

But no worries!

> > For bookworm: Can you fix those and ideally as well the other no-dsa
> > CVEs in the upcoming point release?
> 
> So that I don't miss any, if I follow correctly the security
> tracker[1], that means the two CVEs published lately:
> 
>   * CVE-2024-47796
>   * CVE-2024-52333
> 
> plus these ones from an earlier time:
> 
>   * CVE-2024-27628
>   * CVE-2024-28130
>   * CVE-2024-34508
>   * CVE-2024-34509
> 
> [1]: https://security-tracker.debian.org/tracker/source-package/dcmtk
> 
> The two first shouldn't be too difficult.  I haven't looked at
> the four others yet.  If all goes well, I should be able to work
> with the Stable release managers upon upcoming weekend, if not
> earlier.

Correct. If you find any of the earlier no-dsa marked ones to be too
intrusive to fix, then we can skip them. My point was, at the point
to do the point release update, look if any of the earlier ones marked
no-dsa can have fixes included as well.

> 
> Have a nice day,  :)

Same to you!

Regards,
Salvatore


