[ubuntu/focal-security] dcmtk 3.6.4-2.1ubuntu0.1 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Tue Sep 17 07:29:50 UTC 2024


dcmtk (3.6.4-2.1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2021-41687.patch: fixed null pointer
      dereferences discovered in the code (CVE-2021-41687, CVE-2021-41688,
      and CVE-2021-41690)
    - debian/patches/CVE-2021-41689.patch: fixed a buffer overflow
      in DU_getStringDOElement function.
    - debian/patches/CVE-2022-2121.patch: fixed a null pointer dereference
    - debian/patches/CVE-2022-43272.patch: fixed a memory leak in
      DcmQueryRetrieveSCP::waitForAssociation function.
    - debian/patches/CVE-2024-28130-1.patch: fixed unchecked typecasts of
      DcmItem::search results.
    - debian/patches/CVE-2024-28130-2.patch: fixed unchecked typecasts and
      fixed LUT handling.
    - debian/patches/CVE-2024-28130-3.patch: fixed wrong error handling
      introduced with the previous patch.
    - debian/patches/CVE-2024-34508,CVE-2024-34509.patch: fixed two
      segmentation faults
    - CVE-2021-41687
    - CVE-2021-41688
    - CVE-2021-41689
    - CVE-2021-41690
    - CVE-2022-2121
    - CVE-2022-43272
    - CVE-2024-28130
    - CVE-2024-34508
    - CVE-2024-34509

Date: 2024-09-03 08:28:09.066508+00:00
Changed-By: Shishir Subedi <shishirsub10 at gmail.com>
Signed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/dcmtk/3.6.4-2.1ubuntu0.1