[Debian-med-packaging] Bug#1138713: Bug#1138713: orthanc: CVE-2026-10528
Étienne Mollier
emollier at debian.org
Thu Jun 4 21:25:38 BST 2026
Hi,
Étienne Mollier, on 2026-06-03:
> Hi Sébastien,
>
>> The "dcmtk" package must be fixed by introducing the following upstream patch:
>> https://github.com/DCMTK/dcmtk/commit/885ff0f10372bd589b5f44cea974f28a3964cb0f
>
> Thanks for the pointer, I have begun to work on this tonight and
> integrated a patch to dcmtk that had a bit of fuzz, but does not
> seem to have had negative impact yet. […]
Alas, autopkgtest revealed that importing the part of mitigation
against CVE-2026-10528 results in an ABI breakage caught by
plastimatch and most likely orthanc-wsi autopkgtests. :(
I believe the appropriate course of action is to wait for dcmtk
3.7.1 and properly transition once it is out. In the meantime,
I am preparing a dcmtk upload to unstable reverting that patch.
In hope this helps,
--
.''`. Étienne Mollier <emollier at debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/3, please excuse my verbosity
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20260604/170bf91d/attachment.sig>
More information about the Debian-med-packaging
mailing list