Your message dated Wed, 11 Feb 2026 19:34:10 +0000
with message-id <[email protected]>
and subject line Bug#1123584: fixed in dcmtk 3.7.0-1
has caused the Debian Bug report #1123584,
regarding dcmtk: CVE-2025-14841
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1123584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123584
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dcmtk
Version: 3.6.9-6
Severity: important
Tags: security upstream
Forwarded: https://support.dcmtk.org/redmine/issues/1183
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for dcmtk.
CVE-2025-14841[0]:
| A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted
| element is the function
| DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest
| in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp.
| This manipulation causes null pointer dereference. The attack
| requires local access. Upgrading to version 3.7.0 is sufficient to
| resolve this issue. Patch name:
| ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the
| affected component.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-14841
https://www.cve.org/CVERecord?id=CVE-2025-14841
[1] https://support.dcmtk.org/redmine/issues/1183
[2] https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.7.0-1
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 11 Feb 2026 18:32:36 +0100
Source: dcmtk
Architecture: source
Version: 3.7.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1060677 1122926 1123584
Changes:
dcmtk (3.7.0-1) unstable; urgency=medium
.
* Team upload.
* New upstream version 3.7.0: fixes CVE-2025-14607 and CVE-2025-14841.
(Closes: #1122926, #1123584, #1060677)
* d/copyright: refresh following new upstream release.
* *-CVE-*.patch: delete: all security issues are fixed upstream.
* 07_dont_export_all_executables.patch: unfuzz.
* d/control: drop redundant Priority: optional.
* d/control: declare compliance to standards version 4.7.3.
* d/dcmtk-doc.doc-base: update upstream version.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---