CVEs in DCMTK

To: Debian Med Project List <debian-med@lists.debian.org>
Subject: CVEs in DCMTK
From: Mathieu Malaterre <malat@debian.org>
Date: Wed, 29 Jun 2022 08:48:12 +0200
Message-id: <[🔎] CA+7wUswzxHHMDxNksUkt03ro98Sydv4qUHqRy0Gme7H7qvVAhQ@mail.gmail.com>

Hi there,

It turns out there are three CVEs associated with DCMTK version older
than 3.6.7.

* https://www.hipaajournal.com/warning-issued-about-3-high-severity-vulnerabilities-in-offis-dicom-software/

Should we get in touch with debian-security to have them properly
reported ? I am not clear about the process.

Thanks,

Reply to:

Follow-Ups:
- Re: CVEs in DCMTK
  - From: Andreas Tille <tille@debian.org>
- Re: CVEs in DCMTK
  - From: Nilesh Patra <nilesh@nileshpatra.info>

Prev by Date: Re: Removing myself from uploaders in (most) med-packages / Winding down involvement a little
Next by Date: Re: CVEs in DCMTK
Previous by thread: Re: Removing myself from uploaders in (most) med-packages / Winding down involvement a little
Next by thread: Re: CVEs in DCMTK
Index(es):
- Date
- Thread