Re: CVEs in DCMTK

To: Mathieu Malaterre <malat@debian.org>
Cc: Debian Med Project List <debian-med@lists.debian.org>
Subject: Re: CVEs in DCMTK
From: Andreas Tille <tille@debian.org>
Date: Wed, 29 Jun 2022 09:42:28 +0200
Message-id: <[🔎] YrwCZOFpizSAFli6@an3as.eu>
In-reply-to: <[🔎] CA+7wUswzxHHMDxNksUkt03ro98Sydv4qUHqRy0Gme7H7qvVAhQ@mail.gmail.com>
References: <[🔎] CA+7wUswzxHHMDxNksUkt03ro98Sydv4qUHqRy0Gme7H7qvVAhQ@mail.gmail.com>

Hi Mathieu,

Am Wed, Jun 29, 2022 at 08:48:12AM +0200 schrieb Mathieu Malaterre:
> It turns out there are three CVEs associated with DCMTK version older
> than 3.6.7.
> 
> * https://www.hipaajournal.com/warning-issued-about-3-high-severity-vulnerabilities-in-offis-dicom-software/

Thanks for pointing this out.
 
> Should we get in touch with debian-security to have them properly
> reported ? I am not clear about the process.

I think the first step is to file an according bug report - may be with
debian-security right in CC asking for further advise.

Kind regards

       Andreas. 

-- 
http://fam-tille.de

Reply to:

References:
- CVEs in DCMTK
  - From: Mathieu Malaterre <malat@debian.org>

Prev by Date: CVEs in DCMTK
Next by Date: Re: CVEs in DCMTK
Previous by thread: CVEs in DCMTK
Next by thread: Re: CVEs in DCMTK
Index(es):
- Date
- Thread