Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
82a92b6a by Salvatore Bonaccorso at 2026-06-26T20:46:09+02:00
Track fixes for gdcm issues via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58345,7 +58345,7 @@ CVE-2025-59028 (When sending invalid base64 SASL data, 
login process is disconne
        NOTE: Introduced with: 
https://github.com/dovecot/core/commit/1486c30e191ff079bfa78e7950173bb33d8073d9 
(2.4.1)
        NOTE: Fixed by: 
https://github.com/dovecot/core/commit/56df8acb5f21abaa039f91f1b0839a75719231de 
(2.4.3)
 CVE-2026-3650 (A memory leak exists in the Grassroots DICOM library (GDCM). 
The bug o ...)
-       - gdcm <unfixed> (bug #1132042)
+       - gdcm 3.0.24-11 (bug #1132042)
        [trixie] - gdcm <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - gdcm <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2451988
@@ -103479,14 +103479,14 @@ CVE-2025-64520 (GLPI is a free asset and IT 
management software package. Startin
 CVE-2025-59374 ("UNSUPPORTED WHEN ASSIGNED"Certain versions of the ASUS Live 
Update cl ...)
        NOT-FOR-US: ASUS
 CVE-2025-53619 (An out-of-bounds read vulnerability exists in the 
JPEGBITSCodec::Inter ...)
-       - gdcm <unfixed> (bug #1123587)
+       - gdcm 3.0.24-11 (bug #1123587)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [bullseye] - gdcm <postponed> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210
        NOTE: 
https://github.com/malaterre/GDCM/commit/f0e359c87947326c7fb2f7b91ecbe351e9d8c683
 (v3.2.3)
 CVE-2025-53618 (An out-of-bounds read vulnerability exists in the 
JPEGBITSCodec::Inter ...)
-       - gdcm <unfixed> (bug #1123587)
+       - gdcm 3.0.24-11 (bug #1123587)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [bullseye] - gdcm <postponed> (Minor issue)
@@ -103495,14 +103495,14 @@ CVE-2025-53618 (An out-of-bounds read vulnerability 
exists in the JPEGBITSCodec:
 CVE-2025-53524 (Fuji Electric Monitouch V-SFT-6 is vulnerable to an 
out-of-bounds writ ...)
        NOT-FOR-US: Fuji Electric
 CVE-2025-52582 (An out-of-bounds read vulnerability exists in the 
Overlay::GrabOverlay ...)
-       - gdcm <unfixed> (bug #1123576)
+       - gdcm 3.0.24-11 (bug #1123576)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [bullseye] - gdcm <postponed> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2211
        NOTE: 
https://github.com/malaterre/GDCM/commit/14825ceb1cb6855f32e726ee5cd2968e3051da2a
 (v3.2.3)
 CVE-2025-48429 (An out-of-bounds read vulnerability exists in the 
RLECodec::DecodeBySt ...)
-       - gdcm <unfixed> (bug #1123589)
+       - gdcm 3.0.24-11 (bug #1123589)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [bullseye] - gdcm <postponed> (Minor issue)
@@ -105739,7 +105739,7 @@ CVE-2025-11693 (The Export WP Page to Static HTML & 
PDF plugin for WordPress is
 CVE-2025-11376 (The Colibri Page Builder plugin for WordPress is vulnerable to 
Stored  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-11266 (An out-of-bounds write vulnerability exists in the Grassroots 
DICOM li ...)
-       - gdcm 3.0.24-8 (bug #1122862)
+       - gdcm 3.0.24-11 (bug #1122862)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [bullseye] - gdcm <postponed> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82a92b6a6a4d4dc7dda2d575d329e538d1db1a7d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82a92b6a6a4d4dc7dda2d575d329e538d1db1a7d
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to