On 6/29/22 12:18 PM, Mathieu Malaterre wrote:
Hi there,

It turns out there are three CVEs associated with DCMTK versions older than 3.6.7.

* https://www.hipaajournal.com/warning-issued-about-3-high-severity-vulnerabilities-in-offis-dicom-software/

Should we get in touch with debian-security to have them properly reported?
Yes. Not to have them reported, but to coordinate uploads to security queue.
I am not clear about the process.
Ah. You might wish to read this paragraph[1,2] from dev-ref, explains it clearly.

[1]: https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#security-uploads
[2]: https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#bug-security

--
Best,
Nilesh