#1136272 trixie-pu: package pydicom/2.4.3-2+deb13u1

#1136272#5
Date:
2026-05-11 10:43:11 UTC
From:
To:
Fix CVE-2026-32711 for trixie.
A crafted DICOMDIR could create a path traversal by setting
ReferencedFileID to a path outside the File-set root.


[ Checklist ]
  [*] *all* changes are documented in the d/changelog
  [*] I reviewed all changes and I approve them
  [*] attach debdiff against the package in (old)stable
  [*] the issue is verified as fixed in unstable

[ Changes ]
I backported the upstream patch from the 2.4.5 release.
Additionally, the test dependency `python3-pyfakefs`
had to be added to the control file.

#1136272#12
Date:
2026-05-14 06:36:32 UTC
From:
To:
Dear Release Team,

Unfortunately, the new reproducibility test is failing in this PU as well, meaning further work is still required here.
I will attempt to fix this and upload a new diff in the coming days.

Best regards,
Karsten