[Git][security-tracker-team/security-tracker][master] Reserve DLA-4038-1 for dcmtk

Adrian Bunk (@bunk) bunk at debian.org
Fri Jan 31 21:04:09 GMT 2025



Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3cf1fcf by Adrian Bunk at 2025-01-31T23:03:54+02:00
Reserve DLA-4038-1 for dcmtk

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -76051,14 +76051,12 @@ CVE-2024-34509 (dcmdata in DCMTK before 3.6.9 has a segmentation fault via an in
 	{DLA-3847-1}
 	- dcmtk 3.6.7-14
 	[bookworm] - dcmtk <no-dsa> (Minor issue)
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/1114
 	NOTE: https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
 CVE-2024-34508 (dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid D ...)
 	{DLA-3847-1}
 	- dcmtk 3.6.7-14
 	[bookworm] - dcmtk <no-dsa> (Minor issue)
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/1114
 	NOTE: https://github.com/DCMTK/dcmtk/commit/c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
 CVE-2024-34507 (An issue was discovered in includes/CommentFormatter/CommentParser.php ...)
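Review bot: with the bullseye "no-dsa" lines dropped from CVE-2024-34509 and CVE-2024-34508, both entries still carry only {DLA-3847-1}, so nothing in data/CVE/list links them to the advisory reserved in this commit. Their bullseye status now rests entirely on the new data/DLA/list entry. If the cross-reference line is not regenerated separately, it should read {DLA-3847-1 DLA-4038-1}. The same applies to the other CVE entries changed below.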
@@ -81057,7 +81055,6 @@ CVE-2024-28130 (An incorrect type conversion vulnerability exists in the DVPSSof
 	{DLA-3847-1}
 	- dcmtk 3.6.7-14 (bug #1070207)
 	[bookworm] - dcmtk <no-dsa> (Minor issue)
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1957
 	NOTE: https://support.dcmtk.org/redmine/issues/1120
 	NOTE: https://github.com/DCMTK/dcmtk/commit/dc6a2446dc03c9db90f82ce17a597f2cd53776c5
@@ -192899,7 +192896,6 @@ CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_A
 	{DLA-3847-1}
 	[experimental] - dcmtk 3.6.8~git20221013.51be018-1
 	- dcmtk 3.6.7-8 (bug #1027165)
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7
 	NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/c34f4e46e672ad21accf04da0dc085e43be6f5e1
 CVE-2022-43271 (Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered t ...)
@@ -218807,7 +218803,6 @@ CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompressio
 CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...)
 	{DLA-3847-1}
 	- dcmtk 3.6.7-1 (bug #1014044)
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/1021
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f (DCMTK-3.6.7)
 CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...)
@@ -271935,22 +271930,18 @@ CVE-2021-41691
 CVE-2021-41690 (DCMTK through 3.6.6 does not handle memory free properly. The malloced ...)
 	{DLA-3847-1}
 	- dcmtk 3.6.7-1
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
 CVE-2021-41689 (DCMTK through 3.6.6 does not handle string copy properly. Sending spec ...)
 	{DLA-3847-1}
 	- dcmtk 3.6.7-1
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d (DCMTK-3.6.7)
 CVE-2021-41688 (DCMTK through 3.6.6 does not handle memory free properly. The object i ...)
 	{DLA-3847-1}
 	- dcmtk 3.6.7-1
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
 CVE-2021-41687 (DCMTK through 3.6.6 does not handle memory free properly. The program  ...)
 	{DLA-3847-1}
 	- dcmtk 3.6.7-1
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7)
 CVE-2021-41686
 	RESERVED


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Jan 2025] DLA-4038-1 dcmtk - security update
+	{CVE-2021-41687 CVE-2021-41688 CVE-2021-41689 CVE-2021-41690 CVE-2022-2121 CVE-2022-43272 CVE-2024-28130 CVE-2024-34508 CVE-2024-34509 CVE-2024-47796 CVE-2024-52333}
+	[bullseye] - dcmtk 3.6.5-1+deb11u1
 [31 Jan 2025] DLA-4037-1 openjdk-11 - security update
 	{CVE-2025-21502}
 	[bullseye] - openjdk-11 11.0.26+4-1~deb11u1
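Review bot: CVE-2024-47796 and CVE-2024-52333 in the DLA-4038-1 CVE list have no matching hunk in data/CVE/list, unlike the other nine CVEs, each of which loses its bullseye "no-dsa" line in this commit. Please confirm that those two entries carry no bullseye annotation that would conflict with the fixed version 3.6.5-1+deb11u1 recorded here, and that both already list dcmtk as the affected package.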


=====================================
data/dla-needed.txt
=====================================
@@ -59,10 +59,6 @@ ckeditor3
   NOTE: 20241002: rouca to check EOL'd ckeditor3 -> ckeditor[v4] upgrade path
   NOTE: 20241002: https://lists.debian.org/debian-lts/2024/10/msg00003.html
 --
-dcmtk (Adrian Bunk)
-  NOTE: 20250117: Added by Front-Desk (rouca)
-  NOTE: 20250117: Multiple CVEs have been piling up (rouca/front-desk)
---
 djoser
   NOTE: 20250117: Added by Front-Desk (rouca)
 --
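Review bot: the removed dcmtk block carried the front-desk note "Multiple CVEs have been piling up", and dropping it ends LTS tracking for the package, so it is worth checking that the eleven CVEs listed under DLA-4038-1 are every open dcmtk issue for bullseye. The commit message mentions only the reservation. If the 3.6.5-1+deb11u1 upload or the announcement is still pending, nothing in dla-needed.txt records that after this change.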



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3cf1fcf56b514a5bba418eb09b358cc55da8cf1
