Your message dated Thu, 07 May 2026 11:19:10 +0000
with message-id <[email protected]>
and subject line Bug#1082875: fixed in invesalius 3.1.99998-8
has caused the Debian Bug report #1082875,
regarding invesalius: CVE-2024-42845
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1082875: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082875
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: invesalius
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for invesalius.
CVE-2024-42845[0]:
| An eval Injection vulnerability in the component
| invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998
| allows attackers to execute arbitrary code via loading a crafted
| DICOM file.
Not sure if that has actually been reported upstream, currently the only
reference is
https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-42845
https://www.cve.org/CVERecord?id=CVE-2024-42845
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: invesalius
Source-Version: 3.1.99998-8
Done: Santiago Vila <[email protected]>
We believe that the bug you reported is fixed in the latest version of
invesalius, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago Vila <[email protected]> (supplier of updated invesalius package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 07 May 2026 12:55:00 +0200
Source: invesalius
Architecture: source
Version: 3.1.99998-8
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team
<[email protected]>
Changed-By: Santiago Vila <[email protected]>
Closes: 1082875
Changes:
invesalius (3.1.99998-8) unstable; urgency=medium
.
* Team upload.
.
[ Adrian Bunk ]
* Fix CVE-2024-42845 (eval injection in DICOM reader). Closes: #1082875.
.
[ Santiago Vila ]
* Drop "Rules-Requires-Root: no" (default).
* Drop "Priority: optional" (default).
* Update standards-version.
* Simplify salsa-ci.yml.
Checksums-Sha1:
61216386bda0a3386cddef92e8a6a8747bddc76f 1975 invesalius_3.1.99998-8.dsc
673e617b89f63045caa5670391b0cf4d60b8c0b7 38064
invesalius_3.1.99998-8.debian.tar.xz
bb33fb4dbeedd50537a5e2b85cb4c1d549a48867 7597
invesalius_3.1.99998-8_source.buildinfo
Checksums-Sha256:
6e8798fd450a971bc3eb67d2faaf32f543175cd9aebff02d4d4b3bf8aa6ac588 1975
invesalius_3.1.99998-8.dsc
a3fc3e44946eb8e6ac54e5bfa586a033c1e2e0793c2398e0374b33ecc7f87c37 38064
invesalius_3.1.99998-8.debian.tar.xz
6a1ae36dbd2aafe1d658696f931b8ed915c7a03947c536dddbeda146bf556d6e 7597
invesalius_3.1.99998-8_source.buildinfo
Files:
68a276fc42089bc80132da477d30c936 1975 graphics optional
invesalius_3.1.99998-8.dsc
fd149b4382598076da0ffe0a3005323d 38064 graphics optional
invesalius_3.1.99998-8.debian.tar.xz
520a2d52809ade4da4a7d9f2101db180 7597 graphics optional
invesalius_3.1.99998-8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAmn8cRMACgkQQc5/C58b
izKM0AgAgm3xmUdT4gSRtUShMMpEK2X4egoIq90vHPw/8VksshpUVuXeNel50HaS
AkTJzhJtkwBdPC5/rSZY+aFfMEWl/p1uyzzKv2USFu2AAK2Vs0wOimJEXreZz9t8
TtxykrZf6gXh8ms/V2rcM138mFbQFKT6SLYU+FAXl/2x951IWx3+JpmNYM7FyALb
Hsv6idHeH/nhYshQTXWi5tOGjMj02Lim+gjUrIPdcF5Riyj2xUbqnJr43PcXymK1
xZXKygGRyeVQUEj/O3q/9B07hUUL8HrsWjYDsVrwaS9A7kcVEUjjtXryallXIDRi
fINZ9OlhcIGUuu667/HlDAfwJz0Xyw==
=iDig
-----END PGP SIGNATURE-----
pgp9Yguxr1ZpA.pgp
Description: PGP signature
--- End Message ---
