- Package:
- release.debian.org
- Source:
- release.debian.org
- Submitter:
- Karsten Schöke
- Date:
- 2026-05-23 12:07:02 UTC
- Severity:
- normal
- Tags:
Fix CVE-2026-32711 for trixie. A crafted DICOMDIR could create a path traversal by setting ReferencedFileID to a path outside the File-set root. [ Checklist ] [*] *all* changes are documented in the d/changelog [*] I reviewed all changes and I approve them [*] attach debdiff against the package in (old)stable [*] the issue is verified as fixed in unstable [ Changes ] I backported the upstream patch from the 2.4.5 release. Additionally, the test dependency `python3-pyfakefs` had to be added to the control file.
Dear Release Team, Unfortunately, the new reproducibility test is failing in this PU as well, meaning further work is still required here. I will attempt to fix this and upload a new diff in the coming days. Best regards, Karsten