-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Jun 2026 14:21:36 -0300
Source: gdcm
Architecture: source
Version: 3.0.8-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>
Changed-By: Emmanuel Arias <eamanu@debian.org>
Closes: 1070387 1122862 1123576 1123587 1123589 1132042
Changes:
 gdcm (3.0.8-2+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
 .
   [ Étienne Mollier ]
   * CVE-2024-*.patch: new: fix multiple security issues.
     This patch set addresses CVE-2024-22373, CVE-2024-22391 and
     CVE-2024-25569. (Closes: #1070387)
 .
   [ Emmanuel Arias ]
   * CVE-2025-11266: Avoid out-of-bounds vulnerability. The issue was
     triggered during parsing of a malformed DICOM file containing
     encapsulated PixelData fragments. This vulnerability leads to a
     segmentation fault caused by an out-of-bounds memory access due to
     unsigned integer underflow in buffer indexing (Closes: #1122862).
   * CVE-2025-52582: Add patch to prevent overlay extraction in case of
     malformed overlay or image information (Closes: #1123576).
   * CVE-2025-48429: Add patch to refactor the RLE header to ensure it
     conforms to the DICOM standard (Closes: #1123589).
   * CVE-2025-53618 and CVE-2025-53619: Add patch to add a frame size
     check to ensure that the provided data corresponds to the buffer
     size (Closes: #1123587).
   * CVE-2026-3650: Add patch to reject Value Length exceeding stream
     size (Closes: #1132042).