Your message dated Tue, 30 Jun 2026 18:17:06 +0000
with message-id <[email protected]>
and subject line Bug#1113993: fixed in dcmtk 3.6.9-5+deb13u1
has caused the Debian Bug report #1113993,
regarding dcmtk: CVE-2025-9732
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1113993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113993
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dcmtk
Version: 3.6.9-5
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for dcmtk.
CVE-2025-9732[0]:
| A vulnerability was identified in DCMTK up to 3.6.9. This affects an
| unknown function in the library
| dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img.
| Such manipulation leads to memory corruption. Local access is
| required to approach this attack. The name of the patch is
| 7ad81d69b. It is best practice to apply a patch to resolve this
| issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-9732
https://www.cve.org/CVERecord?id=CVE-2025-9732
[1]
https://github.com/DCMTK/dcmtk/commit/7ad81d69b19714936e18ea5fc74edaeb9f021ce7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.6.9-5+deb13u1
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Jun 2026 20:54:58 +0200
Source: dcmtk
Architecture: source
Version: 3.6.9-5+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian Med Packaging Team
<[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1113993 1122926 1123584 1133001 1139181
Changes:
dcmtk (3.6.9-5+deb13u1) trixie; urgency=medium
.
* Team upload
* d/patches/*-CVE-2025-9732.patch: new.
These changes pulled from dcmtk upstream address CVE-2025-9732.
(Closes: #1113993)
* 0015-CVE-2025-14607.patch: new: fix CVE-2025-14607. (Closes: #1122926)
* 0016-CVE-2026-5663.patch: new: fix CVE-2026-5663. (Closes: #1133001)
* 0017-CVE-2025-14841.patch: new: fix CVE-2025-14841. (Closes: #1123584)
* 0018-CVE-2026-10194.patch: new: fix CVE-2026-10194. (Closes: #1139181)
Checksums-Sha1:
5e1b699d67cb0a08c7c60e81b96ffc1ca29d8fac 2565 dcmtk_3.6.9-5+deb13u1.dsc
c51cbd84855942f9793ba4bfbda0e1c6e0bf600e 39136
dcmtk_3.6.9-5+deb13u1.debian.tar.xz
Checksums-Sha256:
614df952dee457e476c7488b3dee4042088b28a8ae57ef086a4b8d7802e3a76b 2565
dcmtk_3.6.9-5+deb13u1.dsc
e5754b405187da6635c82df5e2acc11d5932753c515f27b7222683c4c7a3c3a0 39136
dcmtk_3.6.9-5+deb13u1.debian.tar.xz
Files:
493158ca22e125c80a6e6428e7d09839 2565 science optional
dcmtk_3.6.9-5+deb13u1.dsc
76a6a3f9fce7ec2a4ecdc47851bca701 39136 science optional
dcmtk_3.6.9-5+deb13u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmotpJYUHGVtb2xsaWVy
QGRlYmlhbi5vcmcACgkQeTz2fo8NEdqBaRAAhpHLVU6FoV8HdLKFCDhfWXRRIEEl
s6s2y+vs81ManAeqdPvNEdXXpFr7K6jM0JuQynumbPq6w7S5GFCCAcLA1YiSoPkt
hDDTfatyvMjpXqNYfpiBrAuxkxJcAl7YiD46QE1BIfI1NE1pW7kgZnrDoJv9uNwL
8ht0kziMYTsCoNtbRfFwa6g/JvsZo+K8XrSsVfkdi4iyGRufqskZNtrsOj6y7ffX
2lCI8pj+vXDQ+FqZBl1hiq4dp0wPD1+S4JlOPy3I5RaGROAVkrhhlij5kY7rjdHu
yDalkJieB3BduJaX1ZOs59E1Ls1MquXne3lHfajvkA6gufmqiYicLlhpGCC7TZe5
UVoFs0wcldsKrIUNVCEST9h0+Phg7ma0iBxbvGL0JZy2DBVCxM9EQHMnfhrKI4DD
a/bhnQV2RBeHn2wIK+RbLeXYnnk+8mRi3f//H0ftHJ5EDTydGBJlk6UcTmLS6D34
q9xBxwBlA/kLb6bUqs4gjgDG8zKfwdf9HQ9IYfPPqtqV3J2ucDfV3KiXJG/X20zd
/upKrPlr8VyoiUiOdBcqfZ5iWWaN3dEw857Z9UtIsopPVsC8s4EVwgXu22/iS5Yk
07gm5OK5GaRNohtTdL1ZcVGjNunGLUSXr07J8NqTiYKzfUBni6MOl8TPYeLCmVts
HoSTyC+gq2O8lZA=
=SJaC
-----END PGP SIGNATURE-----
pgp4C4iWyFSy0.pgp
Description: PGP signature
--- End Message ---