[Git][security-tracker-team/security-tracker][master] Track fixed version for dcmtk issues fixed via unstable

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Feb 19 22:41:13 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
787ac9bc by Salvatore Bonaccorso at 2025-02-19T23:39:56+01:00
Track fixed version for dcmtk issues fixed via unstable

Not updating the version for CVE-2024-47796 and CVE-2024-52333 as the
lost patches were only in experimental and one single version 3.6.9-3 in
unstable and shortly fixed by maintainer with the 3.6.9-4 afterwards.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -146,11 +146,11 @@ CVE-2025-25892 (A buffer overflow vulnerability was discovered in D-Link DSL-378
 CVE-2025-25891 (A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.0 ...)
 	NOT-FOR-US: D-Link
 CVE-2025-25475 (A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCM ...)
-	- dcmtk <unfixed> (bug #1098373)
+	- dcmtk 3.6.9-4 (bug #1098373)
 	[bookworm] - dcmtk <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245
 CVE-2025-25474 (DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the  ...)
-	- dcmtk <unfixed> (bug #1098374)
+	- dcmtk 3.6.9-4 (bug #1098374)
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847
 CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to contain a NUL ...)
 	- ffmpeg <unfixed>
@@ -158,7 +158,7 @@ CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to contain
 	NOTE: https://trac.ffmpeg.org/ticket/11419
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c08d300481b8ebb846cd43a473988fdbc6793d1b
 CVE-2025-25472 (A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to  ...)
-	- dcmtk <unfixed>
+	- dcmtk 3.6.9-4
 	NOTE: Introduced by fix for CVE-2024-47796: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2
 CVE-2025-25471 (FFmpeg git master before commit fd1772 was discovered to contain a NUL ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/787ac9bce213706065c4d5534cb63fed68c9b637

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/787ac9bce213706065c4d5534cb63fed68c9b637
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250219/bfd00faa/attachment.htm>

More information about the debian-security-tracker-commits mailing list