Your message dated Mon, 08 Jun 2026 19:05:48 +0000
with message-id <[email protected]>
and subject line Bug#1139181: fixed in dcmtk 3.7.0+really3.7.0-5
has caused the Debian Bug report #1139181,
regarding dcmtk: CVE-2026-10194
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1139181: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139181
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dcmtk
Version: 3.7.0+really3.7.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for dcmtk.
CVE-2026-10194[0]:
| A weakness has been identified in OFFIS DCMTK 3.7.0. This affects
| the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages
| of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp.
| Executing a manipulation can lead to heap-based buffer overflow. The
| attack may be launched remotely. This patch is called
| 0f78a4ef6f645ea5530166e445e5436a5de58e75. A patch should be applied
| to remediate this issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-10194
https://www.cve.org/CVERecord?id=CVE-2026-10194
[1]
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dcmtk
Source-Version: 3.7.0+really3.7.0-5
Done: Étienne Mollier <[email protected]>
We believe that the bug you reported is fixed in the latest version of
dcmtk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Étienne Mollier <[email protected]> (supplier of updated dcmtk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 08 Jun 2026 19:14:40 +0200
Source: dcmtk
Architecture: source
Version: 3.7.0+really3.7.0-5
Distribution: unstable
Urgency: high
Maintainer: Debian Med Packaging Team
<[email protected]>
Changed-By: Étienne Mollier <[email protected]>
Closes: 1139181
Changes:
dcmtk (3.7.0+really3.7.0-5) unstable; urgency=high
.
* CVE-2026-10194.patch: new: fix CVE-2026-10194. (Closes: #1139181)
* d/control: add myself to uploaders.
Checksums-Sha1:
a139d6c2607e8082604deca3f6d4f8883f0a2849 2709 dcmtk_3.7.0+really3.7.0-5.dsc
95d4129db6bc35eeb840c41e5e66c61442961284 33128
dcmtk_3.7.0+really3.7.0-5.debian.tar.xz
Checksums-Sha256:
2950cade535de320cba90c11d22916b74d4f17e75e9a1df1cf8fae1a90910d26 2709
dcmtk_3.7.0+really3.7.0-5.dsc
8e286864a9a40a78ccefcd5bdab117bd7cc5426c384175ce7085562ac8a92bed 33128
dcmtk_3.7.0+really3.7.0-5.debian.tar.xz
Files:
e33a1e252754530d7c908f85f7a080ed 2709 science optional
dcmtk_3.7.0+really3.7.0-5.dsc
42100c867d9811398a82e3b86c947737 33128 science optional
dcmtk_3.7.0+really3.7.0-5.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmonDWsUHGVtb2xsaWVy
QGRlYmlhbi5vcmcACgkQeTz2fo8NEdrsfxAAvSm+myVffaEC8EEw+0M56fpgyqbC
fTuENzF4C/vhsKsMX/QqxRZ7Tt56ZsYBA/lOlWFdi90aqmP0kI2FD2jVmtTVIXBx
+LdQ7Q1oR0QEZo73suVJcMWSvO+K49w6n2/pfZciUjsTW+kTzVoezs/8qUstX+Iq
f8eixp8nE2NrSa0jHjkpjo1br/Xjc5VHVqd+IhhWpaxYYTW0zrUGlI0c2z4ozaYn
RMHGnJ/zl20/1HCY9kJawVFsW8wKgjX3rE6MKp7QiSGTglD3XM8Y8qPg0he11Ylv
K3nzCty/FK19oEwfA4qh/oYpB5kQcZMMtor0xuuaezR/C85qs0huGoEyb1YJ0U0y
H7ozTTW4xh6Eji3nOSygn2E+HBz0U13e0Qb0KBraV1o/ZoJu2Afmb5kcywXN9onY
/zwynrXe6DwF6AbIcf3uvJysxcuVN/GC5tcoMiCzTkzp7Frk5NbXVjVrTO4c9nLW
w8+7b3BSKc/A+EZXo5B7F+ksjAmIKQmuBXxyfmYaE7xA5sDbG5NkbY0NqhcD3c+Y
GntZNm6z56noRPuGxh3sZPGZKRpEPfpmUNwvUw5Z+nt3DkclTnkXMhQXiMlVms/5
okUMsMNgkLFOEgI8kvFb+X7GkDF3MOdy/8lsP9tb5pVs/oj2ZSXcC1+xBYmIx8HR
gsWv3J0vC4b9GR4=
=f64B
-----END PGP SIGNATURE-----
pgpSETkWO1pen.pgp
Description: PGP signature
--- End Message ---
