Your message dated Wed, 19 Feb 2025 22:34:30 +0000
with message-id <[email protected]>
and subject line Bug#1098373: fixed in dcmtk 3.6.9-4
has caused the Debian Bug report #1098373,
regarding dcmtk: CVE-2025-25475
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1098373: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098373
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dcmtk
Version: 3.6.9-3
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for dcmtk.
CVE-2025-25475[0]:
| A NULL pointer dereference in the component /libsrc/dcrleccd.cc of
| DCMTK v3.6.9+ DEV allows attackers to cause a Denial of Service
| (DoS) via a crafted DICOM file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-25475
https://www.cve.org/CVERecord?id=CVE-2025-25475
[1] https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.6.9-4
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 19 Feb 2025 22:30:57 +0100
Source: dcmtk
Architecture: source
Version: 3.6.9-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1098373 1098374
Changes:
dcmtk (3.6.9-4) unstable; urgency=medium
.
* Team upload.
* Reinstate 0007-CVE-2024-47796.patch and 0008-CVE-2024-52333.patch.
These were not part of dcmtk 3.6.9 upstream and still apply.
Thanks to Salvatore Bonaccorso
* 0009-CVE-2025-25475.patch: new: fix CVE-2025-25475. (Closes: #1098373)
* 0010-CVE-2025-25474.patch: new: fix CVE-2025-25474. (Closes: #1098374)
* 0011-CVE-2025-25472.patch: new: fix CVE-2025-25472.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---