Advisory: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html
Patch candidate: http://hmarco.org/bugs/patches/dcmtk-3.6.1-drop-privileges-fixed.patch
3.6.3 is in tree and 3.6.0 was never stable.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b42415404eb3335b89ffb3d42d85fae6273294c

commit 8b42415404eb3335b89ffb3d42d85fae6273294c
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-05 19:07:46 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-05 21:17:47 +0000

    sci-libs/dcmtk: Drop vulnerable 3.6.0

    Closes: https://bugs.gentoo.org/602918
    Closes: https://bugs.gentoo.org/602920
    Closes: https://bugs.gentoo.org/618762
    Package-Manager: Portage-2.3.49, Repoman-2.3.10

 sci-libs/dcmtk/Manifest | 1 -
 sci-libs/dcmtk/dcmtk-3.6.0.ebuild | 98 -------
 sci-libs/dcmtk/files/01_fix_perl_script_path.patch | 222 --------------
 sci-libs/dcmtk/files/02_dcmtk_3.6.0-1.patch | 89 ------
 sci-libs/dcmtk/files/04_nostrip.patch | 171 -----------
 sci-libs/dcmtk/files/dcmtk-asneeded.patch | 63 ----
 sci-libs/dcmtk/files/dcmtk-fix_doc_install.patch | 16 --
 sci-libs/dcmtk/files/dcmtk-gcc472-error.patch | 318 ---------------------
 sci-libs/dcmtk/files/dcmtk_version_number.patch | 131 ---------
 sci-libs/dcmtk/files/png_tiff.patch | 11 -
 .../files/regression_stacksequenceisodd.patch | 98 -------
 11 files changed, 1218 deletions(-)