[Git][security-tracker-team/security-tracker][master] Track fixed version for dcmtk issues fixed via unstable

Wed, 19 Feb 2025 14:41:22 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
787ac9bc by Salvatore Bonaccorso at 2025-02-19T23:39:56+01:00
Track fixed version for dcmtk issues fixed via unstable

Not updating the version for CVE-2024-47796 and CVE-2024-52333 as the
lost patches were only in experimental and one single version 3.6.9-3 in
unstable and shortly fixed by maintainer with the 3.6.9-4 afterwards.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -146,11 +146,11 @@ CVE-2025-25892 (A buffer overflow vulnerability was 
discovered in D-Link DSL-378
 CVE-2025-25891 (A buffer overflow vulnerability was discovered in D-Link 
DSL-3782 v1.0 ...)
        NOT-FOR-US: D-Link
 CVE-2025-25475 (A NULL pointer dereference in the component 
/libsrc/dcrleccd.cc of DCM ...)
-       - dcmtk <unfixed> (bug #1098373)
+       - dcmtk 3.6.9-4 (bug #1098373)
        [bookworm] - dcmtk <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245
 CVE-2025-25474 (DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow 
via the  ...)
-       - dcmtk <unfixed> (bug #1098374)
+       - dcmtk 3.6.9-4 (bug #1098374)
        NOTE: Fixed by: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847
 CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to 
contain a NUL ...)
        - ffmpeg <unfixed>
@@ -158,7 +158,7 @@ CVE-2025-25473 (FFmpeg git master before commit c08d30 was 
discovered to contain
        NOTE: https://trac.ffmpeg.org/ticket/11419
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c08d300481b8ebb846cd43a473988fdbc6793d1b
 CVE-2025-25472 (A buffer overflow in DCMTK git master v3.6.9+ DEV allows 
attackers to  ...)
-       - dcmtk <unfixed>
+       - dcmtk 3.6.9-4
        NOTE: Introduced by fix for CVE-2024-47796: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6
        NOTE: Fixed by: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=410ffe2019b9db6a8f4036daac742a6f5e4d36c2
 CVE-2025-25471 (FFmpeg git master before commit fd1772 was discovered to 
contain a NUL ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/787ac9bce213706065c4d5534cb63fed68c9b637

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/787ac9bce213706065c4d5534cb63fed68c9b637
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to