Menu
▾
▴
Re: [Gdcm2] CVE-* in gdcm fixes
|
From: Emmanuel A. <ea...@de...> - 2026-01-04 11:27:10
|
Hi! Quoting Sean McBride (2026-01-03 22:32:35) > Were these filed in the bug tracker? I don't see "cve" when searching: > > https://sourceforge.net/p/gdcm/bugs/search/?q=cve > > Looking at the link you gave, I see some details, but no actual repro > steps. Seems vuln reports are here: * https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210 (CVE-2025-53619,CVE-2025-53618) * https://talosintelligence.com/vulnerability_reports/TALOS-2025-2211 (CVE-2025-52582) * https://talosintelligence.com/vulnerability_reports/TALOS-2025-2214 (CVE-2025-48429) > > On 3 Jan 2026, at 17:33, Emmanuel Arias wrote: > > Hello gdcm developers, > > Happy New Year! > > I'm Emmanuel Arias (eamanu). With the Debian LTS team[0] hat, I'm > working in > gdcm[1] and I'd like to ask if you have some plan to fix the next CVE-*: > > CVE-2025-53619 > CVE-2025-53618 > CVE-2025-52582 > CVE-2025-48429 > > In anycase, I will try to make a patch, but I'm not sure if I will can. > So, > that's why I'm asking you :-) > > I hope we can continue in contact. > > Thanks! > > [0] https://www.debian.org/lts/ > [1] https://security-tracker.debian.org/tracker/source-package/gdcm > > -- > cheers, > Emmanuel Arias > > ⢀⣴⠾⠻⢶⣦⠀ > ⣾⠁⢠⠒⠀⣿⡁ ea...@de... > ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: 13796755BBC72BB8ABE2AEB5 FA9DEC5DE11C63F1 > ⠈⠳⣄ > > ---------------------------------------------------------------------- > > Gdcm-developers mailing list > Gdc...@li... > https://lists.sourceforge.net/lists/listinfo/gdcm-developers cheers, Emmanuel Arias ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ ea...@de... ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: 13796755BBC72BB8ABE2AEB5 FA9DEC5DE11C63F1 ⠈⠳⣄ |
