[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2022-21{19,20,21}/dcmtk as fixed in 3.6.7-1

[Emilio Pozuelo Monfort (@pochu)]

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
049fe9cd by Emilio Pozuelo Monfort at 2022-08-19T11:56:58+02:00
Mark CVE-2022-21{19,20,21}/dcmtk as fixed in 3.6.7-1

- - - - -
0885ef5d by Emilio Pozuelo Monfort at 2022-08-19T12:17:53+02:00
Add fixing commits for CVE-2022-21{19,20,21}/dcmtk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11741,17 +11741,20 @@ CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompressio
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/92b5eb1da30fda054daf2f3d30bb4b806910b234 (1.20.3)
 CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...)
-	- dcmtk <unfixed> (bug #1014044)
+	- dcmtk 3.6.7-1 (bug #1014044)
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	[buster] - dcmtk <no-dsa> (Minor issue)
+	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f
 CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...)
-	- dcmtk <unfixed> (bug #1014044)
+	- dcmtk 3.6.7-1 (bug #1014044)
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	[buster] - dcmtk <no-dsa> (Minor issue)
+	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
 CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SC ...)
-	- dcmtk <unfixed> (bug #1014044)
+	- dcmtk 3.6.7-1 (bug #1014044)
 	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	[buster] - dcmtk <no-dsa> (Minor issue)
+	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
 CVE-2022-2118 (The 404s WordPress plugin before 3.5.1 does not sanitise and escape it ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2014-125025 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e6d583568cfe3c9f3d99dfe5e9b87a5b93a28feb...0885ef5d63d6aeae9f0da498eb814ce7ffa0d27d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e6d583568cfe3c9f3d99dfe5e9b87a5b93a28feb...0885ef5d63d6aeae9f0da498eb814ce7ffa0d27d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220819/3ffa5d63/attachment.htm>