[Debian-med-packaging] Bug#1141411: Bug#1141411: dcmtk: CVE-2026-50003 CVE-2026-50254 CVE-2026-35505 CVE-2026-52868 CVE-2026-44628

Étienne Mollier emollier at debian.org
Tue Jul 7 18:51:54 BST 2026


Hi Salvatore,

Salvatore Bonaccorso, on 2026-07-04:
> I still filled this as RC level, but I'm unsure if they really would
> warrant a security advisory, in particular the critical rated one
> needs to connect to a malicious DICOM server.

Thank you for your assessment, I have reviewed the changes, they
are numerous, and I believe more prudent to have them lingering
a bit in stable-pu.  I'll coordinate with Stable Release
Managers for the publication of mitigations applicable to the
older dcmtk version in stable.

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier <emollier at debian.org>
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/2, please excuse my verbosity
   `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20260707/ac78f509/attachment.sig>


More information about the Debian-med-packaging mailing list