Your message dated Thu, 27 Mar 2025 21:47:09 +0000
with message-id <[email protected]>
and subject line Bug#1100986: fixed in xmedcon 0.23.0-gtk3+dfsg-1+deb12u2
has caused the Debian Bug report #1100986,
regarding xmedcon: CVE-2025-2581
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1100986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100986
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: xmedcon
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for xmedcon.
CVE-2025-2581[0]:
| A vulnerability has been found in xmedcon 0.25.0 and classified as
| problematic. Affected by this vulnerability is the function malloc
| of the component DICOM File Handler. The manipulation leads to
| integer underflow. The attack can be launched remotely. Upgrading to
| version 0.25.1 is able to address this issue. It is recommended to
| upgrade the affected component.
https://xmedcon.sourceforge.io/Main/New
https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-2581
https://www.cve.org/CVERecord?id=CVE-2025-2581
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: xmedcon
Source-Version: 0.23.0-gtk3+dfsg-1+deb12u2
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
xmedcon, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated xmedcon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Mar 2025 19:58:34 +0100
Source: xmedcon
Architecture: source
Version: 0.23.0-gtk3+dfsg-1+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian Med Packaging Team
<[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1100986
Changes:
xmedcon (0.23.0-gtk3+dfsg-1+deb12u2) bookworm; urgency=medium
.
* Team upload.
* CVE-2025-2581.patch: new: fix CVE-2025-2581. (Closes: #1100986)
Checksums-Sha1:
e1e6626a776f1bb1211d7a43b6233da3cd857a0a 2449
xmedcon_0.23.0-gtk3+dfsg-1+deb12u2.dsc
63d2cde7bb5732f4b3acc5bc59275ea3f476f3fe 14076
xmedcon_0.23.0-gtk3+dfsg-1+deb12u2.debian.tar.xz
Checksums-Sha256:
82b9676e6553fbac0b0424a1b35171a2351084e87d3f8650bf81e178c1c85d3c 2449
xmedcon_0.23.0-gtk3+dfsg-1+deb12u2.dsc
9efbdf9b2a2d35ff4f5fe49542a130a4e7cbbf503459514c98c11ef8388a0bed 14076
xmedcon_0.23.0-gtk3+dfsg-1+deb12u2.debian.tar.xz
Files:
21a0d1ecad3ab30f48d8f8a951ce9007 2449 graphics optional
xmedcon_0.23.0-gtk3+dfsg-1+deb12u2.dsc
5cc13b884ea71da5970d26416faa25c3 14076 graphics optional
xmedcon_0.23.0-gtk3+dfsg-1+deb12u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmflrw4UHGVtb2xsaWVy
QGRlYmlhbi5vcmcACgkQeTz2fo8NEdoL2BAArvYPVmbyK0Ry2ji8eMgUpqwf4x8q
BFioeP5n+Yptc9kcett/+PVBOAmR10EKP3SgPt5kb+HzKfRJAo759KsBD5C90h9I
dK+J+Y0rVHGgUN/GdDcgWQjwirJQDw0h34WtGRV+NG+eILbed1LIZoOwt7Ht/0mw
dblMkjSRB7wzCu22VHthltHCNTWdCzH0kZJSpKZ34crETtHXxOGItfeiH78QgYZr
bzh1EuVVltaIjbrngVIq23N7VO/Q7bgtstx2xpFq2jNhgD5maNzFrUZyp8yHJxZ5
z5Ydx0zwpGVo0iQQSTNY2c+2avDDBaPhlWLHVpzFezzkhfLPyOPDsmZ2PKdIRm71
1QkmLoqLTSRtfGQSlXnqY+G2EhDrUBPdrVE3kX0cjk+Ke3/XqW4ceYFc7E1JbAuD
cfZ2Oe3Q+VG6tz5mUAqgitcLphL0hS6ySyG+gnRoZXVGSHA154rF2Rgr7ys0MTho
A4jYIgVXLg6TvZykA3HiEKR/HEy3rfNDawqy+XIZZf3FYhgObz8pcTbcd13RYPdd
LgIsNBc9zZvBn4WXm8FpOfjOnxKnHEUQYIleyaMM6vKFyyy8Iwx5n3Fk2ZVL9hKS
InfqGfeZZ8V6cYNDWTC0fjPA66gePQ8UFEv9er5NpYbMnseMcpwhEcV+QVfjvVmi
Qsd3KlxP52jhF9c=
=VrXQ
-----END PGP SIGNATURE-----
pgppgmSMwAwVe.pgp
Description: PGP signature
--- End Message ---
