Your message dated Sat, 22 Mar 2025 19:05:58 +0000
with message-id <[email protected]>
and subject line Bug#1100986: fixed in xmedcon 0.25.1-gtk3+dfsg-1
has caused the Debian Bug report #1100986,
regarding xmedcon: CVE-2025-2581
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1100986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100986
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xmedcon
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for xmedcon.

CVE-2025-2581[0]:
| A vulnerability has been found in xmedcon 0.25.0 and classified as
| problematic. Affected by this vulnerability is the function malloc
| of the component DICOM File Handler. The manipulation leads to
| integer underflow. The attack can be launched remotely. Upgrading to
| version 0.25.1 is able to address this issue. It is recommended to
| upgrade the affected component.

https://xmedcon.sourceforge.io/Main/New
https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-2581
    https://www.cve.org/CVERecord?id=CVE-2025-2581

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: xmedcon
Source-Version: 0.25.1-gtk3+dfsg-1
Done: Étienne Mollier <[email protected]>

We believe that the bug you reported is fixed in the latest version of
xmedcon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated xmedcon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 22 Mar 2025 19:09:24 +0100
Source: xmedcon
Architecture: source
Version: 0.25.1-gtk3+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1100986
Changes:
 xmedcon (0.25.1-gtk3+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 0.25.1-gtk3+dfsg fixes CVE-2025-2581.
     (Closes: #1100986)
   * typos.patch: refresh patch.
   * gcc-15.patch: remove: applied upstream.
   * d/copyright: fix l/t/ecat7w.c and s/m-qmedian.c terms.
Checksums-Sha1:
 1907ff3cf7552a8d533d795a51875598824841e6 2488 xmedcon_0.25.1-gtk3+dfsg-1.dsc
 ae998d52459e6d5111a163e6b9afef6cf3d1623a 445376 xmedcon_0.25.1-gtk3+dfsg.orig.tar.xz
 b65ab7b1c8c9f78caa9f274327e912f339edf455 13692 xmedcon_0.25.1-gtk3+dfsg-1.debian.tar.xz
Checksums-Sha256:
 eb034adeffef6e1df7272793cb05d89cea6790b01c448eac072365509f2bc6ca 2488 xmedcon_0.25.1-gtk3+dfsg-1.dsc
 96b3402037209b8c59394fc1d107739222a8ea3861fdf97cf17d9b557421911a 445376 xmedcon_0.25.1-gtk3+dfsg.orig.tar.xz
 f53b744b23341c2ce8782077c91eb2e0f74422284fce7137ac474b328e851bb8 13692 xmedcon_0.25.1-gtk3+dfsg-1.debian.tar.xz
Files:
 44d474f7be42dc450f7b9bced46ad66e 2488 graphics optional xmedcon_0.25.1-gtk3+dfsg-1.dsc
 8a7f380d21a9acbc378c8ca13b8c540f 445376 graphics optional xmedcon_0.25.1-gtk3+dfsg.orig.tar.xz
 d4d162967f64db4e40c9289f59985584 13692 graphics optional xmedcon_0.25.1-gtk3+dfsg-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---