[Debian-med-packaging] gdcm_3.0.24-11_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Jun 26 17:38:35 BST 2026
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jun 2026 11:48:10 -0300
Source: gdcm
Architecture: source
Version: 3.0.24-11
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packaging at lists.alioth.debian.org>
Changed-By: Emmanuel Arias <eamanu at debian.org>
Closes: 1122862 1123576 1123587 1123589 1132042
Changes:
gdcm (3.0.24-11) unstable; urgency=medium
.
* Team Upload.
* CVE-2025-11266: Avoid out-of-bounds vulnerability. The issue
was triggered during parsing of a malformed DICOM file containing
encapsulated PixelData fragments. This vulnerability leads to a
segmentation fault caused by an out-of-bounds memory access due to
unsigned integer underflow in buffer indexing (Closes: #1122862).
* CVE-2025-52582: Add patch to prevent overlay extraction in case of
malformed overlay or image information (Closes: #1123576).
* CVE-2025-48429: Add patch to refactor the RLE header to ensure it
conforms to the DICOM standard (Closes: #1123589).
* CVE-2025-53618 and CVE-2025-53619: Add patch to add a frame size
check to ensure that the provided data corresponds to the buffer
size (Closes: #1123587).
* CVE-2026-3650: Add patch to reject Value Length exceeding stream
size (Closes: #1132042).
Checksums-Sha1:
d4e6d7b9e1991d12d48b4ffa6e106423b67a9bea 3158 gdcm_3.0.24-11.dsc
74f318bac9412e6eea2eb6ed5422de3c18ddd305 288552 gdcm_3.0.24-11.debian.tar.xz
5bef56fd576fbeffad2ff354642cdb174e4d10c8 34392 gdcm_3.0.24-11_amd64.buildinfo
Checksums-Sha256:
d3cd3b72f49d8697d1d7d4153d044ce08163846c2f05286e30c3695c07eb92da 3158 gdcm_3.0.24-11.dsc
81457d4be7404392b86e1a20878fd536f0a20cb5ae0bc72d7d74ef07ce49ba88 288552 gdcm_3.0.24-11.debian.tar.xz
4440f47afbf7cf9ce9001ba1cdabc19c73a46b44cd74a9d2d6414928f7199247 34392 gdcm_3.0.24-11_amd64.buildinfo
Files:
81c4738566b381c33ea3826bea4abdae 3158 libs optional gdcm_3.0.24-11.dsc
bbdfc6923a5f0f9fddf407fcfdd5d204 288552 libs optional gdcm_3.0.24-11.debian.tar.xz
85fc2d3227a3f87a596748bdeed7830a 34392 libs optional gdcm_3.0.24-11_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEE3lnVbvHK7ir4q61+p3sXeEcY/EFAmo+pRoSHGVhbWFudUBk
ZWJpYW4ub3JnAAoJEPqd7F3hHGPxqggP/0AP+F4VgjyjCtILgSEC30yFDkwwEoq+
XCtcz2N9WEP9ZzCPmKGNkgwngE/HJMM5D981B1IWe1btkgPobYA2r9pYg1tnpoGQ
3gJBgFQ9l/SWKp7vbsJDCamxBHyTlJo8KMqJqThhpBePxTgUDz5NDNuDpKMFtWEO
jRBOHo4aOhZwQLdci05YYZ1K+dO6cv+uxhuF6+YyhUwpaNuAN84cIwF8sQfRu54Y
3WeI1rA+xvu4rSlO6VWrnhuhL0uuEOVyculK90luPko2yoe6+BkNwYbBn0/u0iBM
vOBwKXqm0LYvjL28R6t/CyklDDHWm4wxwJBooDBZWCmlA/bNNu3nHipDAr4iMjWX
i9NP/sQ7ASUM5xs7TTgNm0vrXMbS6HNEleCqPO8QSfGk+YvGc/ucln8KBslJ1auc
IYnWiJqf4o34hHuRn0M7bl4sXVGFQA6zvR/2pYF/Sh/TFqGAOjEBlJeZfyYsBJnc
/ohehLENQvONvwQGzGasen2qMYdownjeWFqiNa3NoPZ4N/bnAPisP8veQZBJuUTK
LD1xoy86OrnpsOhW5riC8JZBn5UNYk/3JNZJtFpWciszqKr/Q8AIrTC2MtPpCmqO
9ZrnWoWvKd3iaHAGfhrewEpEAgVt0UYomGBeioY/TPL8SDUdV/wXBpEyzlq4S1aH
nL7yuaj9V4Iz
=60wI
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20260626/e1a89eb1/attachment.sig>
More information about the Debian-med-packaging
mailing list