Your message dated Wed, 10 Dec 2025 22:06:48 +0000
with message-id <[email protected]>
and subject line Bug#1113993: fixed in dcmtk 3.6.9-6
has caused the Debian Bug report #1113993,
regarding dcmtk: CVE-2025-9732
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1113993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113993
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dcmtk
Version: 3.6.9-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for dcmtk.
CVE-2025-9732[0]:
| A vulnerability was identified in DCMTK up to 3.6.9. This affects an
| unknown function in the library
| dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img.
| Such manipulation leads to memory corruption. Local access is
| required to approach this attack. The name of the patch is
| 7ad81d69b. It is best practice to apply a patch to resolve this
| issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9732
https://www.cve.org/CVERecord?id=CVE-2025-9732
[1]
https://github.com/DCMTK/dcmtk/commit/7ad81d69b19714936e18ea5fc74edaeb9f021ce7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.6.9-6
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 10 Dec 2025 22:34:17 +0100
Source: dcmtk
Architecture: source
Version: 3.6.9-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team
<[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1113993 1122403
Changes:
dcmtk (3.6.9-6) unstable; urgency=medium
.
* Team upload.
* d/rules: cleanup a stray "noname" file. (Closes: #1122403)
* d/patches/*-CVE-2025-9732.patch: new.
These changes pulled from dcmtk upstream address CVE-2025-9732.
(Closes: #1113993)
* d/watch: convert to v5 Github template.
* d/control: drop redundant Rules-Requires-Root: no.
* d/control: declare compliance to standards version 4.7.2.
* d/libdcmtk19.lintian-overrides: fix typo caught by lintian.
Checksums-Sha1:
6203b402172eebe675cb959f02a978b0861f857c 2525 dcmtk_3.6.9-6.dsc
9923c7251e6ad19a2515d944150db359e480ecb2 35568 dcmtk_3.6.9-6.debian.tar.xz
Checksums-Sha256:
6866b07c984b76cd9d3a41106ffb869ecd9ec0a09e32ae3db27c2e6a3279781c 2525
dcmtk_3.6.9-6.dsc
e95ec0316ab63b4a7aaaf9d5c47a57f1181ce5dc86aa0ce9035384472c242d41 35568
dcmtk_3.6.9-6.debian.tar.xz
Files:
8deab45ca0e5570f0a6690d6f004ea59 2525 science optional dcmtk_3.6.9-6.dsc
28f27d30f477fac24cc679a9222049d0 35568 science optional
dcmtk_3.6.9-6.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmk56u0UHGVtb2xsaWVy
QGRlYmlhbi5vcmcACgkQeTz2fo8NEdo67xAAh6wEFVKfAvHZ82BiEJHcXZx1sxpc
yeRw/wg3WL1LoXfU5N1hM83PnkVyr22BZ2Q8A4FJdapH4SkWw1dnmWzRP9I+m5hK
me7QAg/0GmMOFxIK2N2WoTI3AJOb8hKTWH9u1BMS6PS8fS9pSJ9JIqrhVVbHy3iP
UkfKStp2th3L/VfufogRYHaksPNpsSvmeOjdvqqD7niC7qGAnkR3VT7jdYq9OpuB
Q9w63yA+M6qeA5RdmiN0SACHuvV2h4ascZhY+NiYbCxa6eEGveRieiLhl7EbXdbC
qqzqiy/b9vrWgo42fF3bJsRkRQTluuvbOocA6ePRgDGum0BAnqyX+JiSapKwdwsB
QyxAopEUQA/k03tb5XjBF833nEmAJoi0/cXrFzQ600OB3psIVOyOR863c7iyjvJc
Qq51yY1LqW3x17ueqXcLp/oLUzJf3E/ssDO9e6IoeAk1iN1mSKLbGhshlHf0iytU
FbZ2tcetrG+10LUmNKZV/14CCS+xFcBcnDydTqReDr8MHp04LL3Tf4TCjXKJch/W
bVNCFbMDU5QwPiN3ZDB8vBehEo6GYT8QrX4Y8sfY9GcjSzSM60R/hlwpuXfENr/w
yOHyd6SE3UHvmoVsAD5x4Xk22iuiM6XwwOIgpiNBBkddOUi64KeInZxND2MJs8og
Dr+XgmUccGI1Vp0=
=qsDL
-----END PGP SIGNATURE-----
pgpY2VcoBTHke.pgp
Description: PGP signature
--- End Message ---
