Santiago Vila pushed to branch master at Debian Med / invesalius
Commits: 9c9d6599 by Adrian Bunk at 2026-05-07T12:50:00+02:00 Fix CVE-2024-42845 (eval injection in DICOM reader). Closes: #1082875. - - - - - d4dd1451 by Santiago Vila at 2026-05-07T12:51:00+02:00 d/control: Drop "Rules-Requires-Root: no" (default). - - - - - a2f25409 by Santiago Vila at 2026-05-07T12:52:00+02:00 d/control: Drop "Priority: optional" (default). - - - - - 71d8b049 by Santiago Vila at 2026-05-07T12:53:00+02:00 d/control: Update standards-version. - - - - - d8f7b5a1 by Santiago Vila at 2026-05-07T12:54:00+02:00 d/salsa-ci.yml: Use the simplified version. - - - - - cf360b5c by Santiago Vila at 2026-05-07T12:55:00+02:00 Upload for unstable as 3.1.99998-8 - - - - - 5 changed files: - debian/changelog - debian/control - + debian/patches/fix-cve-2024-42845.patch - debian/patches/series - debian/salsa-ci.yml Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,18 @@ +invesalius (3.1.99998-8) unstable; urgency=medium + + * Team upload. + + [ Adrian Bunk ] + * Fix CVE-2024-42845 (eval injection in DICOM reader). Closes: #1082875. + + [ Santiago Vila ] + * Drop "Rules-Requires-Root: no" (default). + * Drop "Priority: optional" (default). + * Update standards-version. + * Simplify salsa-ci.yml. + + -- Santiago Vila <[email protected]> Thu, 07 May 2026 12:55:00 +0200 + invesalius (3.1.99998-7) unstable; urgency=medium * Team upload. ===================================== debian/control ===================================== @@ -3,7 +3,6 @@ Maintainer: Debian Med Packaging Team <[email protected]. Uploaders: Andreas Tille <[email protected]>, Thiago Franco de Moraes <[email protected]> Section: graphics -Priority: optional Build-Depends: debhelper-compat (= 13), python3-dev, python3-setuptools, @@ -13,11 +12,10 @@ Build-Depends: debhelper-compat (= 13), python3-numpy, python3-puremagic Build-Depends-Indep: python3 -Standards-Version: 4.7.0 +Standards-Version: 4.7.4 Vcs-Browser: https://salsa.debian.org/med-team/invesalius Vcs-Git: https://salsa.debian.org/med-team/invesalius.git Homepage: https://www.cti.gov.br/invesalius/ -Rules-Requires-Root: no Package: invesalius Architecture: all ===================================== debian/patches/fix-cve-2024-42845.patch ===================================== @@ -0,0 +1,24 @@ +From: Thiago Franco de Moraes <[email protected]> +Subject: Removed eval from dicom.py (#820) +Origin: upstream, https://github.com/invesalius/invesalius3/commit/020cd6056c30105a870cfea99939282b6ec5640b + +--- a/invesalius/reader/dicom.py ++++ b/invesalius/reader/dicom.py +@@ -443,7 +443,7 @@ + except (KeyError): + return "" + if data: +- return [eval(value) for value in data.split("\\")] ++ return [float(value) for value in data.split("\\")] + return "" + + def GetImageLocation(self): +@@ -456,7 +456,7 @@ + """ + data = self.data_image[str(0x020)][str(0x1041)] + if data: +- return eval(data) ++ return float(data) + return "" + + def GetImageOffset(self): ===================================== debian/patches/series ===================================== @@ -7,3 +7,4 @@ python3.13 fix-my-types.patch workaround-dropped-inner1d.patch +fix-cve-2024-42845.patch ===================================== debian/salsa-ci.yml ===================================== @@ -1,4 +1,3 @@ --- include: - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml View it on GitLab: https://salsa.debian.org/med-team/invesalius/-/compare/b0bfc31613cfe3b674a86dc03c0eba2ea46cbacc...cf360b5c05183ee8230eddd42203907f21eb19f2 -- View it on GitLab: https://salsa.debian.org/med-team/invesalius/-/compare/b0bfc31613cfe3b674a86dc03c0eba2ea46cbacc...cf360b5c05183ee8230eddd42203907f21eb19f2 You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-med-commit mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-commit
