dcmtk: remote stack buffer overflow CVE-2015-8979

Related Vulnerabilities: CVE-2015-8979  

Debian Bug report logs - #848830

Reported by: Balint Reczey <balint@balintreczey.hu>

Date: Tue, 20 Dec 2016 02:12:05 UTC

Severity: grave

Tags: security

Found in versions dcmtk/3.6.0-12, dcmtk/3.6.0-15

Fixed in versions 3.6.0-12+deb7u1, dcmtk/3.6.1~20160216-1, dcmtk/3.6.0-15+deb8u1

Done: Gert Wollny <gw.fossdev@gmail.com>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>:
Bug#848830; Package dcmtk. (Tue, 20 Dec 2016 02:12:08 GMT)


Acknowledgement sent to Balint Reczey <balint@balintreczey.hu>:
New Bug report received and forwarded. Copy sent to Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>. (Tue, 20 Dec 2016 02:12:08 GMT)


Message #5 received at submit@bugs.debian.org:

From: Balint Reczey <balint@balintreczey.hu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dcmtk: remote stack buffer overflow CVE-2015-8979
Date: Tue, 20 Dec 2016 03:09:36 +0100
Package: dcmtk
Severity: grave
Version: 3.6.0-15
Tags: security

Hi,

the following vulnerability was published for dcmtk.

CVE-2015-8979[0]:
remote stack buffer overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8979
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8979

Please adjust the affected versions in the BTS as needed.





Marked as found in versions dcmtk/3.6.0-12. Request was from Balint Reczey <balint@balintreczey.hu> to control@bugs.debian.org. (Tue, 20 Dec 2016 02:21:02 GMT)


Marked as fixed in versions dcmtk/3.6.1~20160216-1. Request was from Balint Reczey <balint@balintreczey.hu> to control@bugs.debian.org. (Tue, 20 Dec 2016 02:21:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>:
Bug#848830; Package dcmtk. (Fri, 30 Dec 2016 07:24:02 GMT)


Acknowledgement sent to Tobias Frost <tobi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>. (Fri, 30 Dec 2016 07:24:02 GMT)


Message #14 received at 848830@bugs.debian.org:

From: Tobias Frost <tobi@debian.org>
To: 848830@bugs.debian.org
Subject: Re: dcmtk: remote stack buffer overflow CVE-2015-8979
Date: Fri, 30 Dec 2016 08:21:45 +0100

Hi Balint,

this bug can be closed, can't it?

--
tobi



Marked as fixed in versions dcmtk/3.6.0-15+deb8u1. Request was from Tobias Frost <tobi@debian.org> to control@bugs.debian.org. (Fri, 30 Dec 2016 07:24:04 GMT)


Marked as fixed in versions 3.6.0-12+deb7u1. Request was from Tobias Frost <tobi@debian.org> to control@bugs.debian.org. (Fri, 30 Dec 2016 07:24:05 GMT)


Reply sent to Gert Wollny <gw.fossdev@gmail.com>:
You have taken responsibility. (Sat, 31 Dec 2016 21:03:11 GMT)


Notification sent to Balint Reczey <balint@balintreczey.hu>:
Bug acknowledged by developer. (Sat, 31 Dec 2016 21:03:11 GMT)


Message #23 received at 848830-close@bugs.debian.org:

From: Gert Wollny <gw.fossdev@gmail.com>
To: 848830-close@bugs.debian.org
Subject: Bug#848830: fixed in dcmtk 3.6.0-15+deb8u1
Date: Sat, 31 Dec 2016 21:02:08 +0000
Source: dcmtk
Source-Version: 3.6.0-15+deb8u1

We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 848830@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gert Wollny <gw.fossdev@gmail.com> (supplier of updated dcmtk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 23 Dec 2016 12:28:03 +0100
Source: dcmtk
Binary: dcmtk libdcmtk2 libdcmtk2-dev dcmtk-www dcmtk-doc libdcmtk2-dbg
Architecture: source all amd64
Version: 3.6.0-15+deb8u1
Distribution: stable
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>
Changed-By: Gert Wollny <gw.fossdev@gmail.com>
Description:
 dcmtk      - OFFIS DICOM toolkit command line utilities
 dcmtk-doc  - OFFIS DICOM toolkit documentation
 dcmtk-www  - OFFIS DICOM toolkit worklist www server application
 libdcmtk2  - OFFIS DICOM toolkit runtime libraries
 libdcmtk2-dbg - OFFIS DICOM toolkit library debugging symbols
 libdcmtk2-dev - OFFIS DICOM toolkit development libraries and headers
Closes: 848830
Changes:
 dcmtk (3.6.0-15+deb8u1) jessie-security; urgency=medium
 .
   * Team upload
   * d/p/0001: Add patch to fix CVE-2015-8979, Closes: #848830
     The patch was taken from v 3.6.0-6+deb7u1 where the same
     security vulnerability was fixed by the wheezy LTS team.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 09 Feb 2017 07:27:35 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:58:11 2019; Machine Name: beach