[Debian-med-packaging] Bug#1136204: Bug#1136204: invesalius: CVE-2024-44825
Santiago Vila
sanvila at debian.org
Thu May 14 13:23:31 BST 2026
tags 1136204 help
thanks
On Sun, May 10, 2026 at 08:09:57PM +0200, Salvatore Bonaccorso wrote:
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2024-44825
> https://www.cve.org/CVERecord?id=CVE-2024-44825
> [1] https://github.com/invesalius/invesalius3/commit/8b966260b3d9510e3ddc473aac4cc6578bab3aab
For the record: The patch that needs to be applied does not apply cleanly
over the current version:
Importing patch 8b966260b3d9510e3ddc473aac4cc6578bab3aab.patch
Applying patch 8b966260b3d9510e3ddc473aac4cc6578bab3aab.patch
patching file .gitignore
patching file invesalius/project.py
Hunk #1 FAILED at 31.
Hunk #2 succeeded at 481 with fuzz 1 (offset -20 lines).
Hunk #3 FAILED at 512.
Hunk #4 FAILED at 537.
3 out of 4 hunks FAILED -- rejects in file invesalius/project.py
Patch 8b966260b3d9510e3ddc473aac4cc6578bab3aab.patch does not apply (enforce with -f)
Patch 8b966260b3d9510e3ddc473aac4cc6578bab3aab.patch is not applied
In particular, the patch tries to modify this:
- tar_filter = getattr(tarfile, "tar_filter", None) # For python < 3.12
+ tar_filter = getattr(tarfile, "tar_filter", None)
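Review bot: on the changed `tar_filter` line the only difference is the dropped `# For python < 3.12` comment, which leaves the `getattr(tarfile, "tar_filter", None)` fallback unexplained. Keep a short comment saying when `tarfile.tar_filter` can be missing and what the code does when `tar_filter` is None.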
but the Debian package in unstable does not have such a line yet, so we would
need a yet-to-be-seen number of patches before [8b96626] for this to work.
I'm tagging this as "help" and Cc:ing Thiago (who created the package)
in the hope that he (or somebody else) can take care of this.
Thanks.
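What the `getattr(tarfile, "tar_filter", None)` lookup quoted in the message implies for extraction code, as an added example that is not InVesalius code and not part of the original message: the filter is used when the interpreter provides it, and a manual check runs when the lookup returns None. The names `safe_extract`, `manual_check` and `build_sample` are hypothetical, and the fallback policy (regular files and directories only, paths confined to the destination) is an assumption of this example.

```python
import io
import os
import tarfile

# Same lookup as the line quoted in the message: None when the running
# interpreter's tarfile module has no extraction filters.
tar_filter = getattr(tarfile, "tar_filter", None)


def manual_check(member, dest):
    """Fallback policy (an assumption of this example) for when tar_filter is None."""
    target = os.path.realpath(os.path.join(dest, member.name))
    if os.path.commonpath([dest, target]) != dest:
        raise ValueError(f"member escapes destination: {member.name!r}")
    if not (member.isfile() or member.isdir()):
        raise ValueError(f"unsupported member type: {member.name!r}")
    return member


def safe_extract(fileobj, dest):
    """Extract a tar stream into dest; raise ValueError on the first rejected member."""
    # Members extracted before a rejection stay on disk: use a fresh dest.
    dest = os.path.realpath(dest)
    names = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar.getmembers():
            try:
                if tar_filter is not None:
                    tar.extract(member, dest, filter=tar_filter)
                else:
                    tar.extract(manual_check(member, dest), dest)
            except tarfile.TarError as exc:  # FilterError derives from TarError
                raise ValueError(f"rejected {member.name!r}: {exc}") from exc
            names.append(member.name)
    return names


def build_sample(names):
    """Constructed in-memory archive, used only to exercise safe_extract."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```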