Your message dated Thu, 19 Feb 2026 02:10:18 +0000
with message-id <[email protected]>
and subject line Bug#1123584: fixed in dcmtk 3.7.0+really3.7.0-0+exp1
has caused the Debian Bug report #1123584,
regarding dcmtk: CVE-2025-14841
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1123584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123584
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dcmtk
Version: 3.6.9-6
Severity: important
Tags: security upstream
Forwarded: https://support.dcmtk.org/redmine/issues/1183
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for dcmtk.
CVE-2025-14841[0]:
| A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted
| element is the function DcmQueryRetrieveIndexDatabaseHandle::startFi
| ndRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in
| the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp.
| This manipulation causes null pointer dereference. The attack
| requires local access. Upgrading to version 3.7.0 is sufficient to
| resolve this issue. Patch name:
| ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the
| affected component.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-14841
https://www.cve.org/CVERecord?id=CVE-2025-14841
[1] https://support.dcmtk.org/redmine/issues/1183
[2]
https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.7.0+really3.7.0-0+exp1
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Feb 2026 21:22:40 +0100
Source: dcmtk
Binary: dcmtk dcmtk-data dcmtk-dbgsym dcmtk-doc libdcmtk-dev libdcmtk20
libdcmtk20-dbgsym
Architecture: source all amd64
Version: 3.7.0+really3.7.0-0+exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Med Packaging Team
<[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Description:
dcmtk - OFFIS DICOM toolkit command line utilities
dcmtk-data - OFFIS DICOM toolkit data files
dcmtk-doc - OFFIS DICOM toolkit documentation
libdcmtk-dev - OFFIS DICOM toolkit development libraries and headers
libdcmtk20 - OFFIS DICOM toolkit runtime libraries
Closes: 1060677 1122926 1123584
Changes:
dcmtk (3.7.0+really3.7.0-0+exp1) experimental; urgency=medium
.
* Team upload
* d/rules: guard against accidental ABI breakages.
* New upstream version 3.7.0: fixes CVE-2025-14607 and CVE-2025-14841.
(Closes: #1122926, #1123584, #1060677)
* d/*: soname bump to libdcmtk20.
* d/control: libdcmtk20 replaces libdcmtk19.
* skip-bigendian-roundtrip-failure.patch: new: skip test failure on s390x.
The correction is work in progress upstream.
Checksums-Sha1:
23f4eea99985c8ce9a778b4df3db516054e742bf 2518
dcmtk_3.7.0+really3.7.0-0+exp1.dsc
672d038c18aa5d9dc0dbb60297e39829f02ea3d0 9447031
dcmtk_3.7.0+really3.7.0.orig.tar.gz
b033bbf700cffd3237065d059ab9994c0c97454a 29168
dcmtk_3.7.0+really3.7.0-0+exp1.debian.tar.xz
65ae516e38edd84750725eef8ce7e7d70362be5d 299848
dcmtk-data_3.7.0+really3.7.0-0+exp1_all.deb
275185c90b5633862c688739746366d6c92d7081 4787076
dcmtk-dbgsym_3.7.0+really3.7.0-0+exp1_amd64.deb
ec09bd9bdec0acca01905b760d72374e5d7b4fd3 9735764
dcmtk-doc_3.7.0+really3.7.0-0+exp1_all.deb
701e469cf8746f18367feb2af8edde102446b51c 12363
dcmtk_3.7.0+really3.7.0-0+exp1_amd64.buildinfo
85db569310280d559061903c15d784951d541b91 900216
dcmtk_3.7.0+really3.7.0-0+exp1_amd64.deb
c8c608281cadbc6270d4a39d9424401485269de7 1079512
libdcmtk-dev_3.7.0+really3.7.0-0+exp1_amd64.deb
d80a3b5285af0fda8c91d5aa6db826fe981b07fc 59270680
libdcmtk20-dbgsym_3.7.0+really3.7.0-0+exp1_amd64.deb
f4c60c6aafa3c88e2c73f5413c9744ceea391664 5857792
libdcmtk20_3.7.0+really3.7.0-0+exp1_amd64.deb
Checksums-Sha256:
e0f3b897bef2e5418940806b7c415bf8bf7615b74eee8e11add2f03e4a2670df 2518
dcmtk_3.7.0+really3.7.0-0+exp1.dsc
dd140c703d6a35810ec2d2eebc0efd7d1dfc0b87a1dc21589ac3d9b0b6fc4719 9447031
dcmtk_3.7.0+really3.7.0.orig.tar.gz
c40f807cca5d93ad5c2d1470fdc9ab051b26214edce3a395314454f04e3dfb73 29168
dcmtk_3.7.0+really3.7.0-0+exp1.debian.tar.xz
7c1571e139208439c5feb9c802af2907ac4c8546c43e574393aa6e313fb39fa8 299848
dcmtk-data_3.7.0+really3.7.0-0+exp1_all.deb
78ac820f381919c0846d0aecd677a7ece52e9e5a1362a22aef628d022d792b4c 4787076
dcmtk-dbgsym_3.7.0+really3.7.0-0+exp1_amd64.deb
c68e94a53bcc67b80379c1a0f0ab845c895e493eb2e9d1f14bfbb05c0a27b96e 9735764
dcmtk-doc_3.7.0+really3.7.0-0+exp1_all.deb
d568d0e047d106f2fd2702de2a1cb982dc7bd84c186c6f312b090e9846a7acfb 12363
dcmtk_3.7.0+really3.7.0-0+exp1_amd64.buildinfo
e8b5733fcdb9a41d9a0f2c621a9673569a5e5a071371860fa9a4f42320652396 900216
dcmtk_3.7.0+really3.7.0-0+exp1_amd64.deb
38dcdb666a1a5d6ed7662285568d6fccc9194169a7fdc0a2c79ee92e6e8aa3b2 1079512
libdcmtk-dev_3.7.0+really3.7.0-0+exp1_amd64.deb
33f947028bfdcd82de63a79fbf69bdfc26ec719c226ab531fc34d0f2e98c75ba 59270680
libdcmtk20-dbgsym_3.7.0+really3.7.0-0+exp1_amd64.deb
e230b3f0e01df72f21fa2ab6f107e7bab27bd54be11a6e6c2566506dcaca4e95 5857792
libdcmtk20_3.7.0+really3.7.0-0+exp1_amd64.deb
Files:
17e745a2369624b244aa8d79e940271d 2518 science optional
dcmtk_3.7.0+really3.7.0-0+exp1.dsc
a3a33dd6a008498d2b084fef29a4fd7d 9447031 science optional
dcmtk_3.7.0+really3.7.0.orig.tar.gz
3ecc7eb09085052b4ccd4de154e90153 29168 science optional
dcmtk_3.7.0+really3.7.0-0+exp1.debian.tar.xz
4e8f8ade69400f1340d448174d19e7da 299848 science optional
dcmtk-data_3.7.0+really3.7.0-0+exp1_all.deb
1a45c40dcda6b94e471fe1eb3e07e777 4787076 debug optional
dcmtk-dbgsym_3.7.0+really3.7.0-0+exp1_amd64.deb
e7c1e1f89d85bf9950cbff261d7b718b 9735764 doc optional
dcmtk-doc_3.7.0+really3.7.0-0+exp1_all.deb
21ddacc4bedc1499603cec8bba45fb38 12363 science optional
dcmtk_3.7.0+really3.7.0-0+exp1_amd64.buildinfo
322d90703a5d82a598c9b50b65ef63a0 900216 science optional
dcmtk_3.7.0+really3.7.0-0+exp1_amd64.deb
3e6745dc0158e241daa232e1d44fa18c 1079512 libdevel optional
libdcmtk-dev_3.7.0+really3.7.0-0+exp1_amd64.deb
b4523121a9b2238ad9231da2a7e74eb7 59270680 debug optional
libdcmtk20-dbgsym_3.7.0+really3.7.0-0+exp1_amd64.deb
aa69951395fb80f6b0e6bacd48992f64 5857792 libs optional
libdcmtk20_3.7.0+really3.7.0-0+exp1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmmWMWgUHGVtb2xsaWVy
QGRlYmlhbi5vcmcACgkQeTz2fo8NEdpqixAAj2w3pnJ8Aa7NHFF6N6bRhw/G4M8e
+APsm+F0Po3AHDbL0ubpYevBofw6kB8o84PUjsjMChNrj+0CkTp+VhUeK2+0FqKt
sHlemMtOG9pVWWzGIOCusVVpPcIwObC3UWsQkP2nr9TapRzMeaJiuxmAAQcGcIfb
CnqRylVvJR2FQt0GyDUyvMDPXv9iu5ONCf31N9an9DMeO16ZF868chagUSasZcvE
Sh7brlxCx5hiLYOd8appnB5H7lS+evUGM62HkbH+sfGyb0rKjDdEMqQTvrDaqBOE
IrgPcwR6YDR3ttrVre0xwVKyWlC6imoYUlGuo1SS2Z73Gx318hhQ9Y7CaN4GXDl5
lsfYrI7IFCjRPpmVDyACC/DAcj5PZOKuz46bg3887jcoXEXZ950o9saQazT5MbJd
k+30r5gUXsAfhqXq8I1Jh+3HxoeoVzID7oWvHwlIvZkDdZccTbASuUIF52sIFBXk
NvuCTL06WDd2dV4VybAVi3GqdLuFmc01iOka/2oKZL5UCdkN+1MkFb2n7Mg37U+4
x9Ve5Eg4KUUZY40GOwwhRKnTXgwCc13eakC51xyn+zTsRM/R4cEsD/mhFgia736F
+GkZcriPIE2hJSX0zVwK95vEqbttYtzG3Mke3UIskS/nruAPnS/m/9PP0rf3jisq
ySPjQQSI7+6b1Ok=
=Mhuv
-----END PGP SIGNATURE-----
pgpFCxVXv7tRv.pgp
Description: PGP signature
--- End Message ---
