[Git][security-tracker-team/security-tracker][master] dcmtk spu

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Feb 27 15:32:10 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3afedb3b by Moritz Mühlenhoff at 2025-02-27T16:31:43+01:00
dcmtk spu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4875,6 +4875,7 @@ CVE-2025-25475 (A NULL pointer dereference in the component /libsrc/dcrleccd.cc
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245
 CVE-2025-25474 (DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the  ...)
 	- dcmtk 3.6.9-4 (bug #1098374)
+	[bookworm] - dcmtk <no-dsa> (Will be fixed via spu)
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847
 CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to contain a NUL ...)
 	- ffmpeg <unfixed>
@@ -4883,6 +4884,7 @@ CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to contain
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c08d300481b8ebb846cd43a473988fdbc6793d1b
 CVE-2025-25472 (A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to  ...)
 	- dcmtk 3.6.9-4
+	[bookworm] - dcmtk <no-dsa> (Will be fixed via spu)
 	NOTE: Introduced by fix for CVE-2024-47796: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2
 CVE-2025-25471 (FFmpeg git master before commit fd1772 was discovered to contain a NUL ...)


=====================================
data/next-point-update.txt
=====================================
@@ -170,3 +170,9 @@ CVE-2025-21490
 	[bookworm] - mariadb 1:10.11.10-0+deb12u1
 CVE-2025-0167
 	[bookworm] - curl 7.88.1-10+deb12u11
+CVE-2025-25475
+	[bookworm] - dcmtk 3.6.7-9~deb12u3
+CVE-2025-25474
+	[bookworm] - dcmtk 3.6.7-9~deb12u3
+CVE-2025-25472
+	[bookworm] - dcmtk 3.6.7-9~deb12u3



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3afedb3b8fa94d8b4b40e53241f5330c6adfcccd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3afedb3b8fa94d8b4b40e53241f5330c6adfcccd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250227/da8ab8ab/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list