[Git][security-tracker-team/security-tracker][master] Reserve DLA-3847-1 for dcmtk
Adrian Bunk (@bunk)
bunk at debian.org
Fri Jun 28 16:21:48 BST 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abb52eb4 by Adrian Bunk at 2024-06-28T18:21:04+03:00
Reserve DLA-3847-1 for dcmtk
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -134639,7 +134639,6 @@ CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_A
[experimental] - dcmtk 3.6.8~git20221013.51be018-1
- dcmtk 3.6.7-8 (bug #1027165)
[bullseye] - dcmtk <no-dsa> (Minor issue)
- [buster] - dcmtk <no-dsa> (Minor issue)
NOTE: https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7
NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/c34f4e46e672ad21accf04da0dc085e43be6f5e1
CVE-2022-43271 (Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered t ...)
@@ -160537,7 +160536,6 @@ CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompressio
CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...)
- dcmtk 3.6.7-1 (bug #1014044)
[bullseye] - dcmtk <no-dsa> (Minor issue)
- [buster] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1021
NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f (DCMTK-3.6.7)
CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...)
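Review bot: CVE-2022-2120, visible in the trailing context of this hunk, is also an OFFIS DCMTK issue affecting versions prior to 3.6.7, but it is not in the DLA-3847-1 CVE set and its entry is not touched here. Confirm that its [buster] status is deliberately left unchanged, or add a NOTE explaining why 3.6.4-2.1+deb10u1 does not address it.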
@@ -213579,22 +213577,18 @@ CVE-2021-41691
CVE-2021-41690 (DCMTK through 3.6.6 does not handle memory free properly. The malloced ...)
- dcmtk 3.6.7-1
[bullseye] - dcmtk <no-dsa> (Minor issue)
- [buster] - dcmtk <no-dsa> (Minor issue)
NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
CVE-2021-41689 (DCMTK through 3.6.6 does not handle string copy properly. Sending spec ...)
- dcmtk 3.6.7-1
[bullseye] - dcmtk <no-dsa> (Minor issue)
- [buster] - dcmtk <no-dsa> (Minor issue)
NOTE: https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d (DCMTK-3.6.7)
CVE-2021-41688 (DCMTK through 3.6.6 does not handle memory free properly. The object i ...)
- dcmtk 3.6.7-1
[bullseye] - dcmtk <no-dsa> (Minor issue)
- [buster] - dcmtk <no-dsa> (Minor issue)
NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
CVE-2021-41687 (DCMTK through 3.6.6 does not handle memory free properly. The program ...)
- dcmtk 3.6.7-1
[bullseye] - dcmtk <no-dsa> (Minor issue)
- [buster] - dcmtk <no-dsa> (Minor issue)
NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
CVE-2021-41686
RESERVED
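Review bot: in the four entries CVE-2021-41687 through CVE-2021-41690, only the `[buster] - dcmtk <no-dsa> (Minor issue)` lines are dropped while the matching `[bullseye] - dcmtk <no-dsa> (Minor issue)` lines stay, so the older suite ends up fixed and bullseye remains marked unfixed for the same issues. Consider tracking a bullseye follow-up for these entries so the two suites do not diverge.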
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Jun 2024] DLA-3847-1 dcmtk - security update
+ {CVE-2021-41687 CVE-2021-41688 CVE-2021-41689 CVE-2021-41690 CVE-2022-2121 CVE-2022-43272 CVE-2024-28130 CVE-2024-34508 CVE-2024-34509}
+ [buster] - dcmtk 3.6.4-2.1+deb10u1
[27 Jun 2024] DLA-3846-1 libmojolicious-perl - security update
{CVE-2020-36829}
[buster] - libmojolicious-perl 8.12+dfsg-1.1~deb10u1
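Review bot: the `{...}` CVE set on the new DLA-3847-1 entry includes CVE-2024-28130, CVE-2024-34508 and CVE-2024-34509, but the data/CVE/list hunks in this commit only touch the 2021 and 2022 entries. Confirm that those three entries carry no [buster] annotation that should have been dropped along with the others.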
=====================================
data/dla-needed.txt
=====================================
@@ -46,9 +46,6 @@ cyrus-imapd
NOTE: 20240609: Added by Front-Desk (apo)
NOTE: 20240612: Asked coordinators to review CVE-2024-34055. (bunk)
--
-dcmtk (Adrian Bunk)
- NOTE: 20240428: Added by Front-Desk (ta)
---
dns-root-data (santiago)
NOTE: 20240607: Added by coordinator (santiago)
NOTE: 20240607: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054393
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/abb52eb404580088fc8a69988e785ba0e30db38b