[Debian-med-packaging] Bug#1141411: Bug#1141411: dcmtk: CVE-2026-50003 CVE-2026-50254 CVE-2026-35505 CVE-2026-52868 CVE-2026-44628
Étienne Mollier
emollier at debian.org
Tue Jul 7 18:51:54 BST 2026
Hi Salvatore,
Salvatore Bonaccorso, on 2026-07-04:
> I still filled this as RC level, but I'm unsure if they really would
> warrant a security advisory, in particular the critical rated one
> needs to connect to a malicious DICOM server.
Thank you for your assessment, I have reviewed the changes, they
are numerous, and I believe more prudent to have them lingering
a bit in stable-pu. I'll coordinate with Stable Release
Managers for the publication of mitigations applicable to the
older dcmtk version in stable.
Have a nice day, :)
--
.''`. Étienne Mollier <emollier at debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/2, please excuse my verbosity
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20260707/ac78f509/attachment.sig>
More information about the Debian-med-packaging
mailing list