Your message dated Sat, 18 Jan 2025 19:08:42 +0000
with message-id <[email protected]>
and subject line Bug#1093047: fixed in dcmtk 3.6.8-7
has caused the Debian Bug report #1093047,
regarding dcmtk: CVE-2024-52333
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1093047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093047
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dcmtk
Version: 3.6.8-6
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for dcmtk.

CVE-2024-52333[0]:
| An improper array index validation vulnerability exists in the
| determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially
| crafted DICOM file can lead to an out-of-bounds write. An attacker
| can provide a malicious file to trigger this vulnerability.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-52333
    https://www.cve.org/CVERecord?id=CVE-2024-52333
[1] https://talosintelligence.com/vulnerability_reports/TALOS-2024-2121
[2] https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.6.8-7
Done: Étienne Mollier <[email protected]>

We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated dcmtk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Sat, 18 Jan 2025 16:30:29 +0100
Source: dcmtk
Architecture: source
Version: 3.6.8-7
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1093043 1093047
Changes:
 dcmtk (3.6.8-7) unstable; urgency=medium
 .
   * Team upload.
   * 0001-Fixed-unchecked-typecasts-of-DcmItem-search-results.patch.
     Patch refreshed.
   * 0004-Fixed-two-segmentation-faults.patch: unfuzz.
   * 0007-CVE-2024-47796.patch: new.
     This patch addresses CVE-2024-47796. (Closes: #1093043)
   * 0008-CVE-2024-52333.patch: new.
     This patch addresses CVE-2024-52333. (Closes: #1093047)



--- End Message ---
