Your message dated Tue, 06 Aug 2024 12:49:18 +0000
with message-id <[email protected]>
and subject line Bug#1074534: fixed in dcm2niix 1.0.20240202-1
has caused the Debian Bug report #1074534,
regarding dcm2niix: CVE-2024-27629
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1074534: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074534
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dcm2niix
Version: 1.0.20220720-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/rordenlab/dcm2niix/pull/789
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for dcm2niix.
CVE-2024-27629[0]:
| An issue in dcm2niix before v.1.0.20240202 allows a local attacker to
| execute arbitrary code via the generated file name is not properly
| escaped and injected into a system call when certain types of
| compression are used.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-27629
https://www.cve.org/CVERecord?id=CVE-2024-27629
[1] https://github.com/rordenlab/dcm2niix/pull/789
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
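The bug class named in the CVE text above (a generated file name pasted into a shell command line for a system call), shown beside a no-shell alternative. This is an added example, not dcm2niix code and not the upstream fix; `gzip`, the function names and the sample file name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: "gzip" stands in for the external compressor; the page names none. */
#define COMPRESSOR "gzip"

/* BEFORE (pattern from the CVE text): the generated file name is pasted into
 * a command line for system(), so /bin/sh parses any metacharacters in it. */
int build_shell_command(char *out, size_t n, const char *fname) {
    int len = snprintf(out, n, COMPRESSOR " -f \"%s\"", fname);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Check: bytes that keep their special meaning inside double quotes in sh. */
int is_shell_unsafe(const char *fname) {
    return strpbrk(fname, "\"$`\\\n") != NULL;
}

/* AFTER: no shell at all. The name is a single argv element, and "--" keeps
 * a name starting with '-' from being read as an option. Returns exit code. */
int run_no_shell(const char *prog, const char *fname) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp(prog, prog, "--", fname, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample name containing shell metacharacters. */
    const char *fname = "scan\";echo injected;\".nii";
    char cmd[256];
    if (build_shell_command(cmd, sizeof cmd, fname) == 0)
        printf("system() would be given: %s\n", cmd);
    printf("needs rejection or a no-shell exec: %s\n",
           is_shell_unsafe(fname) ? "yes" : "no");
    return 0;
}
```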
--- Begin Message ---
Source: dcm2niix
Source-Version: 1.0.20240202-1
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dcm2niix, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated dcm2niix package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 Aug 2024 14:17:11 +0200
Source: dcm2niix
Architecture: source
Version: 1.0.20240202-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1074534
Changes:
dcm2niix (1.0.20240202-1) unstable; urgency=medium
.
* New upstream version 1.0.20240202 fixes: CVE-2024-27629 (Closes: #1074534)
* d/t/get-test-data: fix multiple issues in the download script.
* d/control: add myself to uploaders.
* d/control: declare compliance to standards version 4.7.0.
* d/t/run-unit-test: freshen expected test result to newer algorithms.
* d/control: migrate from pkg-config to pkgconf.
--- End Message ---