Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0fd12f80 by Bastien Roucariès at 2025-06-24T16:00:24+02:00
Reserve DLA-4227-1 for dcmtk
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-6534 (A vulnerability, which was classified as
problematic, was found i
CVE-2025-6533 (A vulnerability, which was classified as critical, has been
found in x ...)
NOT-FOR-US: novel-plus
CVE-2025-6532 (A vulnerability classified as problematic was found in
NOYAFA/Xiami LF ...)
- NOT-FOR-US: NOYAFA/Xiami LF9 Pro
+ NOT-FOR-US: NOYAFA/Xiami LF9 Pro
CVE-2025-6531 (A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611.
It has ...)
NOT-FOR-US: SIFUSM/MZZYG BD S1
CVE-2025-6530 (A vulnerability was found in 70mai M300 up to 20250611. It has
been cl ...)
@@ -266823,13 +266823,11 @@ CVE-2022-2121 (OFFIS DCMTK's (All versions prior to
3.6.7) has a NULL pointer de
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f
(DCMTK-3.6.7)
CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user
(SCU) i ...)
- dcmtk 3.6.7-6 (bug #1017743)
- [bullseye] - dcmtk <no-dsa> (Minor issue)
[buster] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1021
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class
provider (SC ...)
- dcmtk 3.6.7-6 (bug #1017743)
- [bullseye] - dcmtk <no-dsa> (Minor issue)
[buster] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1021
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Jun 2025] DLA-4227-1 dcmtk - security update
+ {CVE-2022-2119 CVE-2022-2120 CVE-2024-47796 CVE-2025-2357
CVE-2025-25472 CVE-2025-25474 CVE-2025-25475}
+ [bullseye] - dcmtk 3.6.5-1+deb11u4
[23 Jun 2025] DLA-4226-1 dns-root-data - DNSSEC trust anchors update
[bullseye] - dns-root-data 2024071801~deb11u1
[23 Jun 2025] DLA-4225-1 gdk-pixbuf - security update
=====================================
data/dla-needed.txt
=====================================
@@ -75,13 +75,6 @@ ckeditor
commons-beanutils (abhijith)
NOTE: 20250607: Added by Front-Desk (ta)
--
-dcmtk (rouca)
- NOTE: 20250220: Added by Front-Desk (Beuc)
- NOTE: 20250220: Previous DLA introduced another regression, this is
CVE-2024-47796.
- NOTE: 20250220: New CVEs were released.
- NOTE: 20250220: Follow/contribute to in-progress PU #1095854
(Beuc/front-desk)
- NOTE: 20250224: See
https://salsa.debian.org/lts-team/packages/dcmtk/-/commits/wip/bullseye (ah)
---
dnsdist
NOTE: 20250521: Added by Front-Desk (Beuc)
NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fd12f8071d57caa4af534b073ceb57776de40e7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fd12f8071d57caa4af534b073ceb57776de40e7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
