Format: 1.8
Date: Fri, 26 Jun 2026 11:48:10 -0300
Source: gdcm
Architecture: source
Version: 3.0.24-11
Distribution: unstable
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>
Changed-By: Emmanuel Arias <eamanu@debian.org>
Closes: 1122862 1123576 1123587 1123589 1132042
Changes:
 gdcm (3.0.24-11) unstable; urgency=medium
 .
   * Team Upload.
   * CVE-2025-11266: Avoid out-of-bounds vulnerability. The issue was
     triggered during parsing of a malformed DICOM file containing
     encapsulated PixelData fragments. This vulnerability leads to a
     segmentation fault caused by an out-of-bounds memory access due to
     unsigned integer underflow in buffer indexing (Closes: #1122862).
   * CVE-2025-52582: Add patch to prevent overlay extraction in case of
     malformed overlay or image information (Closes: #1123576).
   * CVE-2025-48429: Add patch to refactor the RLE header to ensure it
     conforms to the DICOM standard (Closes: #1123589).
   * CVE-2025-53618 and CVE-2025-53619: Add patch to add a frame size
     check to ensure that the provided data corresponds to the buffer
     size (Closes: #1123587).
   * CVE-2026-3650: Add patch to reject Value Length exceeding stream
     size (Closes: #1132042).