Emmanuel Arias pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9c24cf6c by Emmanuel Arias at 2026-06-26T14:19:38-03:00
data/CVE/list: Add patch link to gdcm CVEs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58344,7 +58344,7 @@ CVE-2026-3650 (A memory leak exists in the Grassroots 
DICOM library (GDCM). The
        [trixie] - gdcm <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - gdcm <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2451988
-       TODO: check, vague report from Red Hat, no upstream details
+       NOTE: 
https://github.com/malaterre/GDCM/commit/9d65a217c958968a74c14b10388d03ca61953a74
 (v3.2.3)
 CVE-2026-1556 (Information disclosure in the file URI processing of File 
(Field) Path ...)
        - drupal7 <removed>
 CVE-2026-33542 (Incus is a system container and virtual machine manager. Prior 
to vers ...)
@@ -103479,12 +103479,14 @@ CVE-2025-53619 (An out-of-bounds read vulnerability 
exists in the JPEGBITSCodec:
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [bullseye] - gdcm <postponed> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210
+       NOTE: 
https://github.com/malaterre/GDCM/commit/f0e359c87947326c7fb2f7b91ecbe351e9d8c683
 (v3.2.3)
 CVE-2025-53618 (An out-of-bounds read vulnerability exists in the 
JPEGBITSCodec::Inter ...)
        - gdcm <unfixed> (bug #1123587)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [bullseye] - gdcm <postponed> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210
+       NOTE: 
https://github.com/malaterre/GDCM/commit/f0e359c87947326c7fb2f7b91ecbe351e9d8c683
 (v3.2.3)
 CVE-2025-53524 (Fuji Electric Monitouch V-SFT-6 is vulnerable to an 
out-of-bounds writ ...)
        NOT-FOR-US: Fuji Electric
 CVE-2025-52582 (An out-of-bounds read vulnerability exists in the 
Overlay::GrabOverlay ...)
@@ -103493,12 +103495,14 @@ CVE-2025-52582 (An out-of-bounds read vulnerability 
exists in the Overlay::GrabO
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [bullseye] - gdcm <postponed> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2211
+       NOTE: 
https://github.com/malaterre/GDCM/commit/14825ceb1cb6855f32e726ee5cd2968e3051da2a
 (v3.2.3)
 CVE-2025-48429 (An out-of-bounds read vulnerability exists in the 
RLECodec::DecodeBySt ...)
        - gdcm <unfixed> (bug #1123589)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [bullseye] - gdcm <postponed> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2214
+       NOTE: 
https://github.com/malaterre/GDCM/commit/0393310f8bb27c3bec8b67c6bfb18f71f6a15bb8
 (v3.2.3)
 CVE-2025-34288 (Nagios XI versions prior to 2026R1.1 arevulnerable to local 
privilege  ...)
        NOT-FOR-US: Nagios XI
 CVE-2025-14817 (The component 
com.transsion.tranfacmode.entrance.main.MainActivity in  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c24cf6c203a072ef88d05dcf7dedc3aee44ea12

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c24cf6c203a072ef88d05dcf7dedc3aee44ea12
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to