Bug#1078176: bookworm-pu: package dcm2niix/1.0.20220720-1+deb12u1

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1078176@bugs.debian.org
Subject: Bug#1078176: bookworm-pu: package dcm2niix/1.0.20220720-1+deb12u1
From: Étienne Mollier <emollier@debian.org>
Date: Sat, 17 Aug 2024 19:28:01 +0200
Message-id: <[🔎] ZsDdodITtPSJ35JV@emlwks999.eu>
Reply-to: Étienne Mollier <emollier@debian.org>, 1078176@bugs.debian.org
In-reply-to: <[🔎] 18c6e5dd883cba9d6100e4462c75dd9ca7b0ecce.camel@adam-barratt.org.uk>
References: <[🔎] ZrPmIgGWxq2MxjLN@emlwks999.eu> <[🔎] ZrPmIgGWxq2MxjLN@emlwks999.eu> <[🔎] 18c6e5dd883cba9d6100e4462c75dd9ca7b0ecce.camel@adam-barratt.org.uk> <[🔎] ZrPmIgGWxq2MxjLN@emlwks999.eu>

Adam D. Barratt, on 2024-08-17:
> On Wed, 2024-08-07 at 23:24 +0200, Étienne Mollier wrote:
> > dcm2niix is affected by minor security issue CVE-2024-27629 in
> > bookworm: a local attacker can execute arbitrary code as the
> > generated file name is not properly escaped and injected into a
> > system call when certain types of compression are used.
> 
> Please go ahead.

Uploaded, thank you!

> Regards,

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier <emollier@debian.org>
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c  8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/1, please excuse my verbosity
   `-

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#1078176: bookworm-pu: package dcm2niix/1.0.20220720-1+deb12u1
  - From: Étienne Mollier <emollier@debian.org>
- Bug#1078176: bookworm-pu: package dcm2niix/1.0.20220720-1+deb12u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#1077549: bookworm-pu: package xmedcon/0.23.0-gtk3+dfsg-1+deb12u1
Next by Date: Bug#1078781: bookworm-pu: package amd64-microcode/3.20240710.2~deb12u1
Previous by thread: Bug#1078176: bookworm-pu: package dcm2niix/1.0.20220720-1+deb12u1
Next by thread: Processed: Re: Bug#1078176: bookworm-pu: package dcm2niix/1.0.20220720-1+deb12u1
Index(es):
- Date
- Thread