Debian Bug report logs - #848830
dcmtk: remote stack buffer overflow CVE-2015-8979
Reported by: Balint Reczey <balint@balintreczey.hu>
Date: Tue, 20 Dec 2016 02:12:05 UTC
Severity: grave
Tags: security
Found in versions dcmtk/3.6.0-12, dcmtk/3.6.0-15
Fixed in versions 3.6.0-12+deb7u1, dcmtk/3.6.1~20160216-1, dcmtk/3.6.0-15+deb8u1
Done: Gert Wollny <gw.fossdev@gmail.com>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>: Bug#848830; Package dcmtk. (Tue, 20 Dec 2016 02:12:08 GMT)
Acknowledgement sent to Balint Reczey <balint@balintreczey.hu>: New Bug report received and forwarded. Copy sent to Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>. (Tue, 20 Dec 2016 02:12:08 GMT)
Message #5 received at submit@bugs.debian.org:
Package: dcmtk
Severity: grave
Version: 3.6.0-15
Tags: security
Hi,
the following vulnerability was published for dcmtk.
CVE-2015-8979[0]:
remote stack buffer overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8979
Please adjust the affected versions in the BTS as needed.
Marked as found in versions dcmtk/3.6.0-12. Request was from Balint Reczey <balint@balintreczey.hu> to control@bugs.debian.org. (Tue, 20 Dec 2016 02:21:02 GMT)
Marked as fixed in versions dcmtk/3.6.1~20160216-1. Request was from Balint Reczey <balint@balintreczey.hu> to control@bugs.debian.org. (Tue, 20 Dec 2016 02:21:03 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>: Bug#848830; Package dcmtk. (Fri, 30 Dec 2016 07:24:02 GMT)
Acknowledgement sent to Tobias Frost <tobi@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>. (Fri, 30 Dec 2016 07:24:02 GMT)
Message #14 received at 848830@bugs.debian.org:
Hi Balint,
this bug can be closed, can't it?
--
tobi
Marked as fixed in versions dcmtk/3.6.0-15+deb8u1. Request was from Tobias Frost <tobi@debian.org> to control@bugs.debian.org. (Fri, 30 Dec 2016 07:24:04 GMT)
Marked as fixed in versions 3.6.0-12+deb7u1. Request was from Tobias Frost <tobi@debian.org> to control@bugs.debian.org. (Fri, 30 Dec 2016 07:24:05 GMT)
Reply sent to Gert Wollny <gw.fossdev@gmail.com>: You have taken responsibility. (Sat, 31 Dec 2016 21:03:11 GMT)
Notification sent to Balint Reczey <balint@balintreczey.hu>: Bug acknowledged by developer. (Sat, 31 Dec 2016 21:03:11 GMT)
Message #23 received at 848830-close@bugs.debian.org:
Source: dcmtk
Source-Version: 3.6.0-15+deb8u1
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 848830@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gert Wollny <gw.fossdev@gmail.com> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 23 Dec 2016 12:28:03 +0100
Source: dcmtk
Binary: dcmtk libdcmtk2 libdcmtk2-dev dcmtk-www dcmtk-doc libdcmtk2-dbg
Architecture: source all amd64
Version: 3.6.0-15+deb8u1
Distribution: stable
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>
Changed-By: Gert Wollny <gw.fossdev@gmail.com>
Description:
dcmtk - OFFIS DICOM toolkit command line utilities
dcmtk-doc - OFFIS DICOM toolkit documentation
dcmtk-www - OFFIS DICOM toolkit worklist www server application
libdcmtk2 - OFFIS DICOM toolkit runtime libraries
libdcmtk2-dbg - OFFIS DICOM toolkit library debugging symbols
libdcmtk2-dev - OFFIS DICOM toolkit development libraries and headers
Closes: 848830
Changes:
dcmtk (3.6.0-15+deb8u1) jessie-security; urgency=medium
.
* Team upload
* d/p/0001: Add patch to fix CVE-2015-8979, Closes: #848830
The patch was taken from v 3.6.0-6+deb7u1 where the same
security vulnerability was fixed by the wheezy LTS team.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 09 Feb 2017 07:27:35 GMT)
Last modified: Wed Jun 19 14:58:11 2019