-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 23 Jun 2026 21:44:21 +0200 Source: dcmtk Architecture: source Version: 3.6.9-5+deb13u2 Distribution: trixie Urgency: medium Maintainer: Debian Med Packaging Team Changed-By: Étienne Mollier Closes: 1113993 1122926 1123584 1133001 1139181 1140562 Changes: dcmtk (3.6.9-5+deb13u2) trixie; urgency=medium . * Team upload. * CVE-2026-12805.patch: new: fix CVE-2026-12805. This patch fixes a risk of buffer overflow by ensuring negative error codes in XMLNode::parseFile are properly handled, as well a NULL values. (Closes: #1140562) . dcmtk (3.6.9-5+deb13u1) trixie; urgency=medium . * Team upload * d/patches/*-CVE-2025-9732.patch: new. These changes pulled from dcmtk upstream address CVE-2025-9732. (Closes: #1113993) * 0015-CVE-2025-14607.patch: new: fix CVE-2025-14607. (Closes: #1122926) * 0016-CVE-2026-5663.patch: new: fix CVE-2026-5663. (Closes: #1133001) * 0017-CVE-2025-14841.patch: new: fix CVE-2025-14841. (Closes: #1123584) * 0018-CVE-2026-10194.patch: new: fix CVE-2026-10194. (Closes: #1139181) Checksums-Sha1: 1f975701c3c8e0f9c74dc1de2f58c777751a7d4c 2565 dcmtk_3.6.9-5+deb13u2.dsc 9691f8fab87370c8f55bb4a3ab9437fa7d335bcd 39648 dcmtk_3.6.9-5+deb13u2.debian.tar.xz Checksums-Sha256: a70995acc262f47434117d2d1264176003e1a8cf67d352f595cfa470e2e1c091 2565 dcmtk_3.6.9-5+deb13u2.dsc 87027ffc6f18eb11c75957e0c7d9488c6cd69c920b7f020c35909b9e64388814 39648 dcmtk_3.6.9-5+deb13u2.debian.tar.xz Files: 5598d5fb7c2016a0a34bfbc7cf27c6ef 2565 science optional dcmtk_3.6.9-5+deb13u2.dsc 92826d816857511f4e3667927e368058 39648 science optional dcmtk_3.6.9-5+deb13u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEj5GyJ8fW8rGUjII2eTz2fo8NEdoFAmpDao4UHGVtb2xsaWVy QGRlYmlhbi5vcmcACgkQeTz2fo8NEdpTNxAAxwoOwajdp5Z/n5GgP1D6twii+CBs RBd5mbdxekkHNA4IBfdlrnvFhsRjLUQroF7D0xjOuFe0cL2dg04Qh2gD+VoDeKKb 40mC41FahTMABA5NT4Je/59KgTKpZce5RkgbIKVnHwcpCShWlG99bYzxc11FzPVt fR6pDM2vRRaP/Z1a0UGpi4YP1iOYYR3cpdM6Ym1hjcfVTqP+J81lWOvkIn7I+Jt2 hoVnQvkpoRHFn2TicW07EQCQVlVQ5Yy8KsgVsiGh6Og9GEv4rU1b0cFkDlPJ3sNv lcbpz3hLOe0J9NfOtkI9103Vi05aaRWOXTp5x1v9AB/3mth1td8rjFNqUlQ0tBaA 4xjj3ke4LehO4RmSkLuYfkKrQkV/4+veuMQXtsA7BnNc0ZwziDXHINjliXcdCFdG TVJQkyD9T8/nue89Zt91uMhksX44tbi3+vD+DkUlCocJIxC5UqxlG75VU5T0m7dw +nEtodtEmqNY5Nb6IwgcFfgpHsCW+WSob9kelhuHfkGE4WI+Gt4KCcsA/w1TBw62 XORPCeGxmFPnSQaHb6JW+i92VYtDug65mpPFsjJejDka5gsc0F8SUWJAvVP9Vx/J WtH1+Xfk9Bob96GasIdrBmco6UdoraZB0gB5MTBLnGJw3BL9U7qNTplH9PEwuFhL wiovk98EWwvZ4NQ= =dBgP -----END PGP SIGNATURE-----