[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2022-21{19,20,21}/dcmtk as fixed in 3.6.7-1

[Emilio Pozuelo Monfort (@pochu)]

Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
049fe9cd by Emilio Pozuelo Monfort at 2022-08-19T11:56:58+02:00
Mark CVE-2022-21{19,20,21}/dcmtk as fixed in 3.6.7-1

- - - - -
0885ef5d by Emilio Pozuelo Monfort at 2022-08-19T12:17:53+02:00
Add fixing commits for CVE-2022-21{19,20,21}/dcmtk

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11741,17 +11741,20 @@ CVE-2022-2122 (DOS / potential heap overwrite in 
qtdemux using zlib decompressio
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/92b5eb1da30fda054daf2f3d30bb4b806910b234
 (1.20.3)
 CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer 
derefer ...)
-       - dcmtk <unfixed> (bug #1014044)
+       - dcmtk 3.6.7-1 (bug #1014044)
        [bullseye] - dcmtk <no-dsa> (Minor issue)
        [buster] - dcmtk <no-dsa> (Minor issue)
+       NOTE: Fixed by: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f
 CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user 
(SCU) i ...)
-       - dcmtk <unfixed> (bug #1014044)
+       - dcmtk 3.6.7-1 (bug #1014044)
        [bullseye] - dcmtk <no-dsa> (Minor issue)
        [buster] - dcmtk <no-dsa> (Minor issue)
+       NOTE: Fixed by: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
 CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class 
provider (SC ...)
-       - dcmtk <unfixed> (bug #1014044)
+       - dcmtk 3.6.7-1 (bug #1014044)
        [bullseye] - dcmtk <no-dsa> (Minor issue)
        [buster] - dcmtk <no-dsa> (Minor issue)
+       NOTE: Fixed by: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
 CVE-2022-2118 (The 404s WordPress plugin before 3.5.1 does not sanitise and 
escape it ...)
        NOT-FOR-US: WordPress plugin
 CVE-2014-125025 (A vulnerability classified as problematic has been found in 
FFmpeg 2.0 ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e6d583568cfe3c9f3d99dfe5e9b87a5b93a28feb...0885ef5d63d6aeae9f0da498eb814ce7ffa0d27d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e6d583568cfe3c9f3d99dfe5e9b87a5b93a28feb...0885ef5d63d6aeae9f0da498eb814ce7ffa0d27d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits