[Git][security-tracker-team/security-tracker][master] Reserve DLA-4227-1 for dcmtk

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0fd12f80 by Bastien Roucariès at 2025-06-24T16:00:24+02:00
Reserve DLA-4227-1 for dcmtk

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-6534 (A vulnerability, which was classified as problematic, was found i
 CVE-2025-6533 (A vulnerability, which was classified as critical, has been found in x ...)
 	NOT-FOR-US: novel-plus
 CVE-2025-6532 (A vulnerability classified as problematic was found in NOYAFA/Xiami LF ...)
-	NOT-FOR-US:  NOYAFA/Xiami LF9 Pro
+	NOT-FOR-US: NOYAFA/Xiami LF9 Pro
 CVE-2025-6531 (A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has ...)
 	NOT-FOR-US: SIFUSM/MZZYG BD S1
 CVE-2025-6530 (A vulnerability was found in 70mai M300 up to 20250611. It has been cl ...)
@@ -266823,13 +266823,11 @@ CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer de
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f (DCMTK-3.6.7)
 CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...)
 	- dcmtk 3.6.7-6 (bug #1017743)
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	[buster] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/1021
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
 CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SC ...)
 	- dcmtk 3.6.7-6 (bug #1017743)
-	[bullseye] - dcmtk <no-dsa> (Minor issue)
 	[buster] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/1021
 	NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Jun 2025] DLA-4227-1 dcmtk - security update
+	{CVE-2022-2119 CVE-2022-2120 CVE-2024-47796 CVE-2025-2357 CVE-2025-25472 CVE-2025-25474 CVE-2025-25475}
+	[bullseye] - dcmtk 3.6.5-1+deb11u4
 [23 Jun 2025] DLA-4226-1 dns-root-data - DNSSEC trust anchors update
 	[bullseye] - dns-root-data 2024071801~deb11u1
 [23 Jun 2025] DLA-4225-1 gdk-pixbuf - security update


=====================================
data/dla-needed.txt
=====================================
@@ -75,13 +75,6 @@ ckeditor
 commons-beanutils (abhijith)
   NOTE: 20250607: Added by Front-Desk (ta)
 --
-dcmtk (rouca)
-  NOTE: 20250220: Added by Front-Desk (Beuc)
-  NOTE: 20250220: Previous DLA introduced another regression, this is CVE-2024-47796.
-  NOTE: 20250220: New CVEs were released.
-  NOTE: 20250220: Follow/contribute to in-progress PU #1095854 (Beuc/front-desk)
-  NOTE: 20250224: See https://salsa.debian.org/lts-team/packages/dcmtk/-/commits/wip/bullseye (ah)
---
 dnsdist
   NOTE: 20250521: Added by Front-Desk (Beuc)
   NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fd12f8071d57caa4af534b073ceb57776de40e7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fd12f8071d57caa4af534b073ceb57776de40e7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250624/86ea54f4/attachment-0001.htm>