[Debian-med-packaging] Bug#1093047: dcmtk: leftover CVE status.

Étienne Mollier emollier at debian.org
Thu Jan 30 19:51:17 GMT 2025


Good evening,

I have pushed some changes in Salsa, in the debian/bookworm
branch[1].  Patches are applied for CVE-2024-47796 and
CVE-2024-52333, fixing the present issues.

Salvatore Bonaccorso, on 2025-01-27:
> On Mon, Jan 27, 2025 at 07:57:59PM +0100, Étienne Mollier wrote:
> > Salvatore Bonaccorso, on 2025-01-26:
> > > For bookworm: Can you fix those and ideally as well the other no-dsa
> > > CVEs in the upcoming point release?
[…]

The below CVE looks also good and the correction is pushed on
Salsa; it only required a minor change due to missing a macro
that has been defined at a later point in time:
> >   * CVE-2024-27628

I begun to have a look at that CVE but it seems to be somewhat
involved on first sight, but I haven't attempted to apply the
changes yet to see how things go actually:
> >   * CVE-2024-28130

I haven't taken the time to investigate the below issues yet:
> >   * CVE-2024-34508
> >   * CVE-2024-34509

I'll probably stop for today and will continue during the
weekend.

[1]: https://salsa.debian.org/med-team/dcmtk/-/tree/debian/bookworm?ref_type=heads

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier <emollier at debian.org>
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/1, please excuse my verbosity
   `-    on air: Symphony X - Paradise Lost
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20250130/5648a86e/attachment-0003.sig>


More information about the Debian-med-packaging mailing list