Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
Patch candidate: https://github.com/commontk/DCMTK/commit/1b6bb76
Exploit (Python): https://www.exploit-db.com/exploits/40928/
Upstream has the fix at 3.6.3.
3.6.3 is in tree and 3.6.0 was never stable.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b42415404eb3335b89ffb3d42d85fae6273294c

commit 8b42415404eb3335b89ffb3d42d85fae6273294c
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-05 19:07:46 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-05 21:17:47 +0000

    sci-libs/dcmtk: Drop vulnerable 3.6.0

    Closes: https://bugs.gentoo.org/602918
    Closes: https://bugs.gentoo.org/602920
    Closes: https://bugs.gentoo.org/618762
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 sci-libs/dcmtk/Manifest                            |   1 -
 sci-libs/dcmtk/dcmtk-3.6.0.ebuild                  |  98 -------
 sci-libs/dcmtk/files/01_fix_perl_script_path.patch | 222 --------------
 sci-libs/dcmtk/files/02_dcmtk_3.6.0-1.patch        |  89 ------
 sci-libs/dcmtk/files/04_nostrip.patch              | 171 -----------
 sci-libs/dcmtk/files/dcmtk-asneeded.patch          |  63 ----
 sci-libs/dcmtk/files/dcmtk-fix_doc_install.patch   |  16 --
 sci-libs/dcmtk/files/dcmtk-gcc472-error.patch      | 318 ---------------------
 sci-libs/dcmtk/files/dcmtk_version_number.patch    | 131 ---------
 sci-libs/dcmtk/files/png_tiff.patch                |  11 -
 .../files/regression_stacksequenceisodd.patch      |  98 -------
 11 files changed, 1218 deletions(-)