Version in base suite: 3.6.7-9~deb12u1 Base version: dcmtk_3.6.7-9~deb12u1 Target version: dcmtk_3.6.7-9~deb12u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/d/dcmtk/dcmtk_3.6.7-9~deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/d/dcmtk/dcmtk_3.6.7-9~deb12u2.dsc changelog | 17 patches/0007-CVE-2024-47796.patch | 33 + patches/0008-CVE-2024-52333.patch | 48 ++ patches/0009-CVE-2024-27628.patch | 607 ++++++++++++++++++++++++++++ patches/0010-CVE-2024-34508-34509.patch | 88 ++++ patches/0011-CVE-2024-34508-34509_bis.patch | 63 ++ patches/series | 5 7 files changed, 861 insertions(+)
diff -Nru dcmtk-3.6.7/debian/changelog dcmtk-3.6.7/debian/changelog
--- dcmtk-3.6.7/debian/changelog 2024-04-19 11:38:32.000000000 +0000
+++ dcmtk-3.6.7/debian/changelog 2025-02-01 19:09:27.000000000 +0000
@@ -1,3 +1,20 @@
+dcmtk (3.6.7-9~deb12u2) bookworm; urgency=medium
+
+ * Team upload.
+ * 0007-CVE-2024-47796.patch: new.
+ This patch addresses CVE-2024-47796. (Closes: #1093043)
+ * 0008-CVE-2024-52333.patch: new.
+ This patch addresses CVE-2024-52333. (Closes: #1093047)
+ * 0009-CVE-2024-27628.patch: new.
+ This patch fixes CVE-2024-27628. (Closes: #1074483)
+ * 0010-CVE-2024-34508-34509.patch: new.
+ This patch fixes CVE-2024-34508 and CVE-2024-34509.
+ * 0011-CVE-2024-34508-34509_bis.patch: new.
+ This introduces upstream's fix to the test regression introduced by
+ the mitigation against CVE-2024-34508 and CVE-2024-34509.
+
+ -- Étienne Mollier Sat, 01 Feb 2025 20:09:27 +0100
+
 dcmtk (3.6.7-9~deb12u1) bookworm; urgency=medium
 
 * Team upload.
diff -Nru dcmtk-3.6.7/debian/patches/0007-CVE-2024-47796.patch dcmtk-3.6.7/debian/patches/0007-CVE-2024-47796.patch
--- dcmtk-3.6.7/debian/patches/0007-CVE-2024-47796.patch 1970-01-01 00:00:00.000000000 +0000
+++ dcmtk-3.6.7/debian/patches/0007-CVE-2024-47796.patch 2025-01-30 18:29:27.000000000 +0000
@@ -0,0 +1,33 @@
+Author: Joerg Riesmeier
+Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6
+Bug-Debian: https://bugs.debian.org/1093043
+Reviewed-By: Étienne Mollier
+Last-Update: 2025-01-18
+Description: Fixed issue rendering invalid monochrome image.
+ Fixed issue when rendering an invalid monochrome DICOM image where the
+ number of pixels stored does not match the expected number of pixels.
+ If the stored number is less than the expected number, the rest of the
+ pixel matrix for the intermediate representation was always filled with
+ the value 0. Under certain, very rare conditions, this could result in
+ memory problems reported by an Address Sanitizer (ASAN). Now, the rest
+ of the matrix is filled with the smallest possible value for the image.
+ .
+ Thanks to Emmanuel Tacheau from the Cisco Talos team
+ for the original report, the sample
+ file (PoC) and further details. See TALOS-2024-2122 and CVE-2024-47796.
+
+diff --git a/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h b/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h
+index e749a6b16e9f1af9a1459875aef5b7ab308c3987..50389a5407ec3e913446c2e6ba8c6c68047edaf8 100644 (file)
+--- a/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h
++++ b/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h
+@@ -72,9 +72,9 @@ class DiMonoInputPixelTemplate
+ rescale(pixel); // "copy" or reference pixel data
+ this->determineMinMax(OFstatic_cast(T3, this->Modality->getMinValue()), OFstatic_cast(T3, this->Modality->getMaxValue()));
+ }
+- /* erase empty part of the buffer (= blacken the background) */
++ /* erase empty part of the buffer (= fill the background with the smallest possible value) */
+ if ((this->Data != NULL) && (this->InputCount < this->Count))
+- OFBitmanipTemplate::zeroMem(this->Data + this->InputCount, this->Count - this->InputCount);
++ OFBitmanipTemplate::setMem(this->Data + this->InputCount, OFstatic_cast(T3, this->Modality->getAbsMinimum()), this->Count - this->InputCount);
+ }
+ }
diff -Nru dcmtk-3.6.7/debian/patches/0008-CVE-2024-52333.patch dcmtk-3.6.7/debian/patches/0008-CVE-2024-52333.patch
--- dcmtk-3.6.7/debian/patches/0008-CVE-2024-52333.patch 1970-01-01 00:00:00.000000000 +0000
+++ dcmtk-3.6.7/debian/patches/0008-CVE-2024-52333.patch 2025-01-30 18:40:37.000000000 +0000
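Review bot: In 0007's `dimoipxt.h` hunk the new `setMem(...)` call reads `this->Modality->getAbsMinimum()` without a NULL test of its own. The context line above calls `this->Modality->getMinValue()` the same way, so a non-NULL modality may already be guaranteed, but the constructor starts outside the hunk and that cannot be confirmed from these lines. If it is not guaranteed, compute the fill value first, `const T3 fill = (this->Modality != NULL) ? OFstatic_cast(T3, this->Modality->getAbsMinimum()) : 0;`, and pass `fill` to `setMem`. A short comment recording that filling with 0 led to the ASAN-reported memory problem described in the patch header would keep a later reader from reverting to `zeroMem`.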
@@ -0,0 +1,48 @@
+Author: Joerg Riesmeier
+Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03
+Bug-Debian: https://bugs.debian.org/1093047
+Reviewed-By: Étienne Mollier
+Last-Update: 2025-01-18
+Description: Added check to make sure: HighBit < BitsAllocated.
+ Added check to the image preprocessing to make sure that the value of
+ HighBit is always less than the value of BitsAllocated. Before, this
+ missing check could lead to memory corruption if an invalid combination
+ of values was retrieved from a malformed DICOM dataset.
+ .
+ Thanks to Emmanuel Tacheau from the Cisco Talos team
+ for the report, sample file (PoC)
+ and detailed analysis. See TALOS-2024-2121 and CVE-2024-52333.
+
+--- dcmtk.orig/dcmimgle/libsrc/diimage.cc
++++ dcmtk/dcmimgle/libsrc/diimage.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1996-2021, OFFIS e.V.
++ * Copyright (C) 1996-2025, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -548,12 +548,18 @@
+ {
+ const unsigned long fsize = OFstatic_cast(unsigned long, Rows) * OFstatic_cast(unsigned long, Columns) *
+ OFstatic_cast(unsigned long, SamplesPerPixel);
+- if ((BitsAllocated < 1) || (BitsStored < 1) || (BitsAllocated < BitsStored) ||
+- (BitsStored > OFstatic_cast(Uint16, HighBit + 1)))
++ if ((BitsAllocated < 1) || (BitsStored < 1))
+ {
+ ImageStatus = EIS_InvalidValue;
+- DCMIMGLE_ERROR("invalid values for 'BitsAllocated' (" << BitsAllocated << "), "
+- << "'BitsStored' (" << BitsStored << ") and/or 'HighBit' (" << HighBit << ")");
++ DCMIMGLE_ERROR("invalid value(s) for 'BitsAllocated' (" << BitsAllocated << "), "
++ << "and/or 'BitsStored' (" << BitsStored << ")");
++ return;
++ }
++ else if ((BitsAllocated < BitsStored) || (BitsAllocated <= HighBit) || ((BitsStored - 1) > HighBit))
++ {
++ ImageStatus = EIS_InvalidValue;
++ DCMIMGLE_ERROR("invalid combination of values for 'BitsAllocated' (" << BitsAllocated << "), "
++ << "'BitsStored' (" << BitsStored << ") and 'HighBit' (" << HighBit << ")");
+ return;
+ }
+ else if ((evr == EVR_OB) && (BitsStored <= 8))
diff -Nru dcmtk-3.6.7/debian/patches/0009-CVE-2024-27628.patch dcmtk-3.6.7/debian/patches/0009-CVE-2024-27628.patch
--- dcmtk-3.6.7/debian/patches/0009-CVE-2024-27628.patch 1970-01-01 00:00:00.000000000 +0000
+++ dcmtk-3.6.7/debian/patches/0009-CVE-2024-27628.patch 2025-01-30 19:21:21.000000000 +0000
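Review bot: In 0008's `diimage.cc` hunk at line 548 the new `else if` enforces three constraints at once, and nothing in the code states the invariant being checked. A one-line comment above it, `/* require BitsStored <= BitsAllocated and BitsStored - 1 <= HighBit < BitsAllocated */`, would make the condition auditable against the patch description. No upper bound on `BitsAllocated` is applied in the visible lines; the chain that starts with `(evr == EVR_OB) && (BitsStored <= 8)` continues outside the hunk, so confirm that an oversized value ends in an error branch there. The context line computing `fsize` multiplies three `unsigned long` values and can wrap where `unsigned long` is 32 bits; that is not new in this patch, but it feeds the same validation.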
@@ -0,0 +1,607 @@
+Author: Michael Onken
+Forwarded: https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074483
+Reviewed-By: Étienne Mollier
+Last-Update: 2025-01-30
+Description: Fixed possible overflows when allocating memory.
+ Thanks to GitHub user "bananabr" (Daniel Berredo) for the report and
+ suggested patch.
+
+--- dcmtk.orig/dcmect/libsrc/enhanced_ct.cc
++++ dcmtk/dcmect/libsrc/enhanced_ct.cc
+@@ -24,6 +24,7 @@
+ #include "dcmtk/dcmect/types.h"
+ #include "dcmtk/dcmfg/concatenationcreator.h"
+ #include "dcmtk/dcmfg/concatenationloader.h"
++#include "dcmtk/dcmfg/fgtypes.h"
+ #include "dcmtk/dcmiod/iodutil.h"
+ #include "dcmtk/dcmiod/modimagepixel.h"
+
+@@ -100,8 +101,19 @@
+ m_CT.getRows(rows);
+ m_CT.getColumns(cols);
+ const size_t numFrames = m_CT.m_Frames.size();
++ if (numFrames > 2147483647)
++ {
++ DCMECT_ERROR("More than 2147483647 frames provided");
++ return FG_EC_PixelDataTooLarge;
++ }
++ const size_t numPixelsFrame = OFstatic_cast(size_t, rows) * OFstatic_cast(size_t, cols);
+ const size_t numBytesFrame = m_CT.m_Frames[0]->length;
+- const size_t numPixelsFrame = rows * cols;
++ if (numBytesFrame != numPixelsFrame * 2)
++ {
++ DCMECT_ERROR("Invalid number of bytes per frame: Expected " << numPixelsFrame * 2 << " but got "
++ << numBytesFrame << " frame pixel data");
++ return ECT_InvalidPixelInfo;
++ }
+ // Creates the correct pixel data element, based on the image pixel module used.
+ DcmPixelData* pixData = new DcmPixelData(DCM_PixelData); + OFCondition result; +--- dcmtk.orig/dcmect/tests/CMakeLists.txt ++++ dcmtk/dcmect/tests/CMakeLists.txt +@@ -2,6 +2,7 @@ + DCMTK_ADD_EXECUTABLE(dcmect_tests + tests.cc + t_huge_concat.cc ++ t_overflow.cc + t_roundtrip.cc + ) + +--- dcmtk.orig/dcmect/tests/Makefile.dep ++++ dcmtk/dcmect/tests/Makefile.dep +@@ -188,6 +188,157 @@ + ../../dcmfg/include/dcmtk/dcmfg/fgrealworldvaluemapping.h \ + ../../dcmiod/include/dcmtk/dcmiod/iodcontentitemmacro.h \ + ../../dcmfg/include/dcmtk/dcmfg/fgtemporalposition.h ++t_overflow.o: t_overflow.cc ../../config/include/dcmtk/config/osconfig.h \ ++ ../include/dcmtk/dcmect/enhanced_ct.h ../include/dcmtk/dcmect/def.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofexport.h \ ++ ../include/dcmtk/dcmect/types.h ../../oflog/include/dcmtk/oflog/oflog.h \ ++ ../../oflog/include/dcmtk/oflog/logger.h \ ++ ../../oflog/include/dcmtk/oflog/config.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofdefine.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofcast.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofstdinc.h \ ++ ../../oflog/include/dcmtk/oflog/config/defines.h \ ++ ../../oflog/include/dcmtk/oflog/helpers/threadcf.h \ ++ ../../oflog/include/dcmtk/oflog/loglevel.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofvector.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftypes.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofstream.h \ ++ ../../oflog/include/dcmtk/oflog/tstring.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofstring.h \ ++ ../../oflog/include/dcmtk/oflog/tchar.h \ ++ ../../oflog/include/dcmtk/oflog/spi/apndatch.h \ ++ ../../oflog/include/dcmtk/oflog/appender.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofmem.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofutil.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftraits.h \ ++ ../../ofstd/include/dcmtk/ofstd/variadic/tuplefwd.h \ ++ ../../oflog/include/dcmtk/oflog/layout.h \ ++ ../../oflog/include/dcmtk/oflog/streams.h \ ++ ../../oflog/include/dcmtk/oflog/helpers/pointer.h \ ++ 
../../oflog/include/dcmtk/oflog/thread/syncprim.h \ ++ ../../oflog/include/dcmtk/oflog/spi/filter.h \ ++ ../../oflog/include/dcmtk/oflog/helpers/lockfile.h \ ++ ../../oflog/include/dcmtk/oflog/spi/logfact.h \ ++ ../../oflog/include/dcmtk/oflog/logmacro.h \ ++ ../../oflog/include/dcmtk/oflog/helpers/snprintf.h \ ++ ../../oflog/include/dcmtk/oflog/tracelog.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofcond.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofdiag.h \ ++ ../../ofstd/include/dcmtk/ofstd/diag/push.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/useafree.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/pop.def \ ++ ../../dcmfg/include/dcmtk/dcmfg/fginterface.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fg.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgbase.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcitem.h \ ++ ../../ofstd/include/dcmtk/ofstd/offile.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofstd.h \ ++ ../../ofstd/include/dcmtk/ofstd/oflist.h \ ++ ../../ofstd/include/dcmtk/ofstd/oflimits.h \ ++ ../../config/include/dcmtk/config/arith.h \ ++ ../../ofstd/include/dcmtk/ofstd/oferror.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dctypes.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcdefine.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcobject.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofglobal.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofthread.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcerror.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcxfer.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvr.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dctag.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dctagkey.h \ ++ ../../ofstd/include/dcmtk/ofstd/diag/ignrattr.def \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcstack.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dclist.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcpcache.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgtypes.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgdefine.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofmap.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodimage.h \ ++ 
../../dcmiod/include/dcmtk/dcmiod/iodcommn.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodrules.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodtypes.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/ioddef.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modcommoninstanceref.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodmacro.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcdeftag.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrlo.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcchrstr.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcbytstr.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcelem.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvris.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrus.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrlt.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrcs.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrpn.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modbase.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodreferences.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modequipment.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modfor.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modgeneralseries.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modgeneralstudy.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modpatient.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modpatientstudy.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modsopcommon.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modgeneralimage.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modimagepixelvariant.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modimagepixelbase.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofvriant.h \ ++ ../../ofstd/include/dcmtk/ofstd/variadic/variant.h \ ++ ../../ofstd/include/dcmtk/ofstd/variadic/helpers.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofalign.h \ ++ ../../ofstd/include/dcmtk/ofstd/diag/cnvrsn.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/vsprfw.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/arrybnds.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/unrefprm.def \ ++ ../../dcmiod/include/dcmtk/dcmiod/modacquisitioncontext.h \ ++ 
../../dcmiod/include/dcmtk/dcmiod/modenhequipment.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modimagepixel.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modmultiframedimension.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modmultiframefg.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modsynchronisation.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrdt.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofdatime.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofdate.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftime.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrds.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrfd.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftempf.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftest.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofconapp.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofcmdln.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofexbl.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofconsol.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofexit.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcuid.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcdict.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dchashdi.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcfilefo.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcsequen.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcdatset.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctacquisitiondetails.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctacquisitiontype.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctadditionalxraysource.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrfl.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrsh.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctexposure.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctgeometry.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctimageframetype.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctposition.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctreconstruction.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgcttabledynamics.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctxraydetails.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgfracon.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrul.h \ ++ 
../../dcmfg/include/dcmtk/dcmfg/fgframeanatomy.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgirradiationeventid.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrui.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgpixeltransform.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgpixmsr.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgplanor.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgplanpo.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgrealworldvaluemapping.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodcontentitemmacro.h + t_roundtrip.o: t_roundtrip.cc \ + ../../config/include/dcmtk/config/osconfig.h \ + ../../ofstd/include/dcmtk/ofstd/ofmem.h \ +--- dcmtk.orig/dcmect/tests/Makefile.in ++++ dcmtk/dcmect/tests/Makefile.in +@@ -22,10 +22,10 @@ + -L$(dcmdatadir)/libsrc -L$(dcmioddir)/libsrc -L$(dcmfgdir)/libsrc + LOCALLIBS = -ldcmect -ldcmfg -ldcmiod -ldcmdata -loflog -lofstd $(ZLIBLIBS) \ + $(CHARCONVLIBS) $(MATHLIBS) +-LOCALINCLUDES = -I$(top_srcdir)/include -I$(ofstddir)/include -I$(oflogdir)/include \ ++LOCALINCLUDES = -I$(top_srcdir)/include -I$(configdir)/include -I$(ofstddir)/include -I$(oflogdir)/include \ + -I$(dcmdatadir)/include -I$(dcmioddir)/include -I$(dcmfgdir)/include + +-test_objs = tests.o t_huge_concat.o t_roundtrip.o ++test_objs = tests.o t_huge_concat.o t_overflow.cc t_roundtrip.o + objs = $(test_objs) + progs = tests + +--- /dev/null ++++ dcmtk/dcmect/tests/t_overflow.cc +@@ -0,0 +1,362 @@ ++/* ++ * ++ * Copyright (C) 2024, OFFIS e.V. ++ * All rights reserved. See COPYRIGHT file for details. ++ * ++ * This software and supporting documentation were developed by ++ * ++ * OFFIS e.V. 
++ * R&D Division Health ++ * Escherweg 2 ++ * D-26121 Oldenburg, Germany ++ * ++ * ++ * Module: dcmect ++ * ++ * Author: Daniel Berredo / Michael Onken ++ * ++ * Purpose: Tests that check for pixel data overflow conditions ++ * ++ */ ++ ++ ++#include /* make sure OS specific configuration is included first */ ++ ++#include ++ ++#include ++#include ++ ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static const Uint16 NUM_ROWS = 1024; ++static const Uint16 NUM_COLS = 1; ++static const Uint16 NUM_FRAMES = 2; ++static const size_t NUM_PIXELS_PER_FRAME = 1; ++ ++static OFString EXPECTED_DUMP; ++ ++static EctEnhancedCT *create(); ++static void configureIOD(EctEnhancedCT *ct); ++static void setGenericValues(EctEnhancedCT *ct); ++static void addSharedFGs(EctEnhancedCT *ct); ++static void addFrames(EctEnhancedCT *ct); ++static void addDimensions(EctEnhancedCT *ct); ++ ++ ++OFTEST(dcmect_overflow) ++{ ++ /* make sure data dictionary is loaded */ ++ if (!dcmDataDict.isDictionaryLoaded()) ++ { ++ OFCHECK(dcmDataDict.isDictionaryLoaded()); ++ } ++ ++ // Creation ++ EctEnhancedCT *ct = create(); ++ configureIOD(ct); ++ setGenericValues(ct); ++ addSharedFGs(ct); ++ addFrames(ct); ++ addDimensions(ct); ++ ++ // Write to dataset and compare its dump with expected result ++ DcmFileFormat dcmff; ++ ++ OFTempFile tf(O_RDWR, "", "t_overflow", ".dcm"); ++ OFCondition result; ++ result = ct->saveFile("output.dcm", EXS_LittleEndianExplicit); ++ OFCHECK(result == ECT_InvalidPixelInfo); ++} ++ ++static EctEnhancedCT *create() ++{ ++ IODEnhGeneralEquipmentModule::EquipmentInfo eq("Open Connections", "OC CT", "4711", "0.1"); ++ EctEnhancedCT *ct = NULL; ++ OFCondition result; ++ result = EctEnhancedCT::create(ct, ++ NUM_ROWS, ++ NUM_COLS, ++ OFFalse, ++ EctTypes::E_ImageType1_Original, ++ 
EctTypes::DT_ImageType3_Volume, ++ EctTypes::DT_ImageType4_Maximum, ++ "1" /* instance number */, ++ EctTypes::E_ContQuali_Research, ++ EctTypes::E_PixelPres_Monochrome, ++ EctTypes::E_VolProps_Volume, ++ EctTypes::DT_VolBasedCalcTechnique_VolumeRender, ++ eq, ++ "20190801120000" /* acquisition date */, ++ 2.0 /* acquisition duration */); ++ ++ OFCHECK(result.good()); ++ OFCHECK(ct != OFnullptr); ++ return ct; ++} ++ ++static void configureIOD(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++} ++ ++static void setGenericValues(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++ OFCHECK(ct->getPatient().setPatientName("Bond^James").good()); ++ OFCHECK(ct->getPatient().setPatientID("007").good()); ++ OFCHECK(ct->getPatient().setPatientBirthDate("19771007").good()); ++ OFCHECK(ct->getStudy().setStudyDate("20190801").good()); ++ OFCHECK(ct->getStudy().setStudyTime("120000").good()); ++ OFCHECK(ct->getStudy().setStudyID("1").good()); ++ OFCHECK(ct->getPatientStudy().setPatientAge("040Y").good()); ++ OFCHECK(ct->getSeries().setSeriesDescription("Test Description").good()); ++ OFCHECK(ct->getSeries().setSeriesNumber("1").good()); ++ OFCHECK(ct->getSeries().setPatientPosition("HFS").good()); ++ ++ // Those values are usually computed automatically. UIDS are generated and date/times are set to current values. ++ // But in order to compare the "old" dump with the freshly created image attributes, we set some values manually, ++ // so that they are not overwritten with new, automatically created values later. 
++ OFCHECK(ct->getStudy().setStudyInstanceUID("1.2.276.0.7230010.3.1.2.8323329.14863.1565940357.864811").good()); ++ OFCHECK(ct->getFrameOfReference().setFrameOfReferenceUID("2.25.30853397773651184949181049330553108086").good()); ++ OFCHECK(ct->getSeries().setSeriesInstanceUID("1.2.276.0.7230010.3.1.3.8323329.14863.1565940357.864812").good()); ++ OFCHECK(ct->getSOPCommon().setSOPInstanceUID("1.2.276.0.7230010.3.1.4.8323329.14863.1565940357.864813").good()); ++ ++ OFCHECK(ct->getIODMultiFrameFGModule().setContentTime("092557").good()); ++ OFCHECK(ct->getIODMultiFrameFGModule().setContentDate("20190816").good()); ++} ++ ++static void addSharedFGs(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++ ++ FGPixelMeasures meas; ++ OFCHECK(meas.setPixelSpacing("0.1\\0.1").good()); ++ OFCHECK(meas.setSliceThickness("1.0").good()); ++ OFCHECK(meas.setSpacingBetweenSlices("0.05").good()); ++ ++ FGPlanePosPatient planpo; ++ OFCHECK(planpo.setImagePositionPatient("0.0", "0.0", "0.0").good()); ++ ++ FGPlaneOrientationPatient planor; ++ OFCHECK(planor.setImageOrientationPatient("1.0", "0.0", "0.0", "0.0", "1.0", "0.0").good()); ++ ++ FGFrameAnatomy ana; ++ OFCHECK(ana.setLaterality(FGFrameAnatomy::LATERALITY_BOTH).good()); ++ OFCHECK(ana.getAnatomy().getAnatomicRegion().set("12738006", "SCT", "Brain").good()); ++ ++ FGIrradiationEventIdentification irr; ++ OFCHECK(irr.setIrradiationEventUID("2.25.30853892236613436472911970638347155062").good()); ++ ++ FGCTImageFrameType itype; ++ OFCHECK(itype.setFrameType("ORIGINAL\\PRIMARY\\VOLUME\\MAXIMUM").good()); ++ OFCHECK(itype.setPixelPresentation(FGCTImageFrameType::E_PixelPres_Monochrome).good()); ++ OFCHECK(itype.setVolumetricProperties(FGCTImageFrameType::E_VolProp_Volume).good()); ++ OFCHECK(itype.setVolumeBasedCalculationTechnique(FGCTImageFrameType::DT_VolBasedCalcTechnique_VolumeRender).good()); ++ ++ FGCTAcquisitionType atype; ++ OFCHECK(atype.setAcquisitionType(FGCTAcquisitionType::DT_AcquisitionType_ConstantAngle).good()); ++ 
OFCHECK(atype.setTubeAngle(0.1).good()); ++ OFCHECK(atype.setConstantVolumeFlag(FGCTAcquisitionType::E_ConstVol_Yes).good()); ++ OFCHECK(atype.setFluoroscopyFlag(FGCTAcquisitionType::E_Fluoroscopy_No).good()); ++ ++ FGCTAcquisitionDetails adetails; ++ FGCTAcquisitionDetails::FGCTAcquisitionDetailsItem *item = new FGCTAcquisitionDetails::FGCTAcquisitionDetailsItem(); ++ OFCHECK(item->setRotationDirection(FGCTAcquisitionDetails::E_RotationDirection_CW).good()); ++ OFCHECK(item->setRevolutionTime(5).good()); ++ OFCHECK(item->setSingleCollimationWidth(1).good()); ++ OFCHECK(item->setTotalCollimationWidth(10).good()); ++ OFCHECK(item->setTableHeight(50).good()); ++ OFCHECK(item->setGantryDetectorTilt(5).good()); ++ OFCHECK(item->setDataCollectionDiameter(20).good()); ++ adetails.getCTAcquisitionDetailsItems().push_back(item); ++ ++ FGCTTableDynamics dyn; ++ FGCTTableDynamics::FGCTTableDynamicsItem *dyn_item = new FGCTTableDynamics::FGCTTableDynamicsItem; ++ OFCHECK(dyn_item); ++ if (dyn_item) ++ { ++ OFCHECK(dyn_item->setTableSpeed(1.0).good()); ++ OFCHECK(dyn_item->setTableFeedPerRotation(0.1).good()); ++ OFCHECK(dyn_item->setSpiralPitchFactor(0.2).good()); ++ dyn.getCTTableDynamicsItems().push_back(dyn_item); ++ } ++ ++ FGCTPosition pos; ++ OFCHECK(pos.setTablePosition(100.0).good()); ++ OFCHECK(pos.setReconstructionTargetCenterPatient(OFVector(3, 1.0)).good()); ++ OFCHECK(pos.setDataCollectionCenterPatient(OFVector(3, 2.0)).good()); ++ ++ FGCTGeometry geo; ++ FGCTGeometry::FGCTGeometryItem *geo_item = new FGCTGeometry::FGCTGeometryItem; ++ if (geo_item) ++ { ++ OFCHECK(geo_item->setDistanceSourceToDataCollectionCenter(5.0).good()); ++ OFCHECK(geo_item->setDistanceSourceToDetector(0.5).good()); ++ geo.getCTGeometryItems().push_back(geo_item); ++ } ++ ++ FGCTReconstruction rec; ++ OFCHECK(rec.setConvolutionKernel("DUMMY").good()); ++ OFCHECK(rec.setConvolutionKernelGroup("DUMMYGROUP").good()); ++ OFCHECK(rec.setImageFilter("FILTER").good()); ++ 
OFCHECK(rec.setReconstructionAlgorithm("ALGO").good()); ++ OFCHECK(rec.setReconstructionAngle(90.0).good()); ++ OFCHECK(rec.setReconstructionDiameter(100.0).good()); ++ // Not permitted if Reconstruction Diameter is provided instead ++ // OFCHECK(rec.setReconstructionFieldOfView(100.0, 100.0).good()); ++ OFCHECK(rec.setReconstructionPixelSpacing(0.1, 0.1).good()); ++ ++ FGCTExposure exp; ++ FGCTExposure::FGCTExposureItem *exp_item = new FGCTExposure::FGCTExposureItem; ++ if (exp_item) ++ { ++ OFCHECK(exp_item->setCTDIVol(0.1).good()); ++ CodeSequenceMacro *phantom_item = new CodeSequenceMacro("113682", "DCM", "ACR Accreditation Phantom - CT"); ++ exp_item->getCTDIPhantomTypeCodeSequence().push_back(phantom_item); ++ OFCHECK(exp_item->setExposureInMas(0.3).good()); ++ OFCHECK(exp_item->setExposureModulationType("WEIRD").good()); ++ OFCHECK(exp_item->setExposureTimeInMs(0.4).good()); ++ OFCHECK(exp_item->setImageAndFluoroscopyAreaDoseProduct(0.5).good()); ++ OFCHECK(exp_item->setWaterEquivalentDiameter(0.6).good()); ++ CodeSequenceMacro *water_code = new CodeSequenceMacro("113987", "DCM", "AAPM 220"); ++ exp_item->getWaterEquivalentDiameterCalculationMethodCodeSequence().push_back(water_code); ++ OFCHECK(exp_item->setXRayTubeCurrentInMa(0.7).good()); ++ exp.getCTExposureItems().push_back(exp_item); ++ } ++ ++ FGCTXRayDetails det; ++ FGCTXRayDetails::FGCTXRayDetailsItem *det_item = new FGCTXRayDetails::FGCTXRayDetailsItem; ++ if (det_item) ++ { ++ OFCHECK(det_item->setCalciumScoringMassFactorDevice(OFVector(3, 1)).good()); ++ OFCHECK(det_item->setCalciumScoringMassFactorPatient(2).good()); ++ OFCHECK(det_item->setEnergyWeightingFactor(3).good()); ++ OFCHECK(det_item->setFilterMaterial("FILTER_MATERIAL").good()); ++ OFCHECK(det_item->setFilterType("FILTER_TYPE").good()); ++ OFCHECK(det_item->setFocalSpots(OFVector(4, 4.4)).good()); ++ OFCHECK(det_item->setKVP(5.0).good()); ++ det.getCTXRayDetailsItems().push_back(det_item); ++ } ++ ++ FGPixelValueTransformation trans; 
++ trans.setFGType(FGPixelValueTransformation::E_PixelValTrans_CT); ++ trans.setRescaleIntercept("0"); ++ trans.setRescaleSlope("1"); ++ trans.setRescaleType("HU"); ++ ++ FGCTAdditionalXRaySource asrc; ++ FGCTAdditionalXRaySource::FGCTAdditionalXRaySourceItem *asrc_item = new FGCTAdditionalXRaySource::FGCTAdditionalXRaySourceItem; ++ if (asrc_item) ++ { ++ OFCHECK(asrc_item->setDataCollectionDiameter(1.0).good()); ++ OFCHECK(asrc_item->setEnergyWeightingFactor(2.0).good()); ++ OFCHECK(asrc_item->setExposureInmAs(3.0).good()); ++ OFCHECK(asrc_item->setFilterMaterial("FILTER_MATERIAL").good()); ++ OFCHECK(asrc_item->setFilterType("FILTER_TYPE").good()); ++ OFCHECK(asrc_item->setFocalSpots(OFVector(4, 4.4)).good()); ++ OFCHECK(asrc_item->setKVP(5).good()); ++ OFCHECK(asrc_item->setXRayTubeCurrentInmA(6).good()); ++ asrc.getCTAdditionalXRaySourceItems().push_back(asrc_item); ++ } ++ ++ OFCHECK(ct->addForAllFrames(meas).good()); ++ OFCHECK(ct->addForAllFrames(planpo).good()); ++ OFCHECK(ct->addForAllFrames(planor).good()); ++ OFCHECK(ct->addForAllFrames(ana).good()); ++ OFCHECK(ct->addForAllFrames(irr).good()); ++ OFCHECK(ct->addForAllFrames(itype).good()); ++ OFCHECK(ct->addForAllFrames(atype).good()); ++ OFCHECK(ct->addForAllFrames(adetails).good()); ++ OFCHECK(ct->addForAllFrames(dyn).good()); ++ OFCHECK(ct->addForAllFrames(pos).good()); ++ OFCHECK(ct->addForAllFrames(geo).good()); ++ OFCHECK(ct->addForAllFrames(rec).good()); ++ OFCHECK(ct->addForAllFrames(exp).good()); ++ OFCHECK(ct->addForAllFrames(det).good()); ++ OFCHECK(ct->addForAllFrames(trans).good()); ++ OFCHECK(ct->addForAllFrames(asrc).good()); ++} ++ ++static void addFrames(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++ ++ FGFrameContent *fg = new FGFrameContent(); ++ fg->setStackID("1"); ++ OFCHECK(fg); ++ if (fg) ++ { ++ EctEnhancedCT::FramesType frames = ct->getFrames(); ++ for (Uint16 frameNo = 1; frameNo <= NUM_FRAMES; frameNo++) ++ { ++ OFCHECK(fg->setFrameAcquisitionNumber(frameNo).good()); ++ 
OFCHECK(fg->setFrameReferenceDateTime("20190816092557").good()); ++ OFCHECK(fg->setFrameAcquisitionDateTime("20190816092557").good()); ++ OFCHECK(fg->setFrameAcquisitionDuration(0.001).good()); ++ OFCHECK(fg->setInStackPositionNumber(frameNo).good()); ++ OFCHECK(fg->setDimensionIndexValues(1, 0).good()); ++ OFCHECK(fg->setDimensionIndexValues(frameNo, 1).good()); ++ OFVector groups; ++ groups.push_back(fg); ++ ++ Uint16 *data = new Uint16[NUM_PIXELS_PER_FRAME]; ++ for (size_t i = 0; i < NUM_PIXELS_PER_FRAME; ++i) ++ { ++ data[i] = 0x4141; ++ } ++ OFCHECK( ++ OFget>(&frames)->addFrame(data, NUM_PIXELS_PER_FRAME, groups).good()); ++ delete[] data; ++ } ++ } ++ delete fg; ++} ++ ++static void addDimensions(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++ IODMultiframeDimensionModule &dims = ct->getDimensions(); ++ OFCHECK(dims.addDimensionIndex( ++ DCM_StackID, "2.25.30855560781715986879861690673941231222", DCM_FrameContentSequence, "STACK_DIM") ++ .good()); ++ OFCHECK(dims.addDimensionIndex(DCM_InStackPositionNumber, ++ "2.25.30855560781715986879861690673941231222", ++ DCM_FrameContentSequence, ++ "STACK_DIM") ++ .good()); ++ OFunique_ptr org( ++ new IODMultiframeDimensionModule::DimensionOrganizationItem); ++ if (org) ++ { ++ org->setDimensionOrganizationUID("2.25.30855560781715986879861690673941231222"); ++ dims.getDimensionOrganizationSequence().push_back(org.release()); ++ } ++} ++ ++ +--- dcmtk.orig/dcmect/tests/tests.cc ++++ dcmtk/dcmect/tests/tests.cc +@@ -1,6 +1,6 @@ + /* + * +- * Copyright (C) 2019, OFFIS e.V. ++ * Copyright (C) 2019-2024, OFFIS e.V. + * All rights reserved. See COPYRIGHT file for details. 
+ *
+ * This software and supporting documentation were developed by
+@@ -23,5 +23,6 @@
+ #include "dcmtk/ofstd/oftest.h"
+
+ OFTEST_REGISTER(dcmect_huge_concat);
++OFTEST_REGISTER(dcmect_overflow);
+ OFTEST_REGISTER(dcmect_roundtrip);
+ OFTEST_MAIN("dcmect")
diff -Nru dcmtk-3.6.7/debian/patches/0010-CVE-2024-34508-34509.patch dcmtk-3.6.7/debian/patches/0010-CVE-2024-34508-34509.patch
--- dcmtk-3.6.7/debian/patches/0010-CVE-2024-34508-34509.patch 1970-01-01 00:00:00.000000000 +0000
+++ dcmtk-3.6.7/debian/patches/0010-CVE-2024-34508-34509.patch 2025-02-01 13:47:36.000000000 +0000
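Review bot: In 0009's `dcmect/libsrc/enhanced_ct.cc` hunk the new length check compares only `m_CT.m_Frames[0]->length` with `numPixelsFrame * 2`, and element 0 is indexed without a visible test that `numFrames > 0`. The other frames' lengths are not validated in these lines, and the function continues outside the hunk, so whether a later copy trusts them cannot be told from here. A guard such as `if (numFrames == 0) return ECT_InvalidPixelInfo;` before the index, plus the same comparison for every frame, would close that gap. Separately, the `dcmect/tests/Makefile.in` hunk puts `t_overflow.cc` into `test_objs` next to `.o` entries; it should read `test_objs = tests.o t_huge_concat.o t_overflow.o t_roundtrip.o`, since any rule that removes `$(objs)` would otherwise delete the test source. In `t_overflow.cc`, `OFTempFile tf` is created but never used, because `saveFile("output.dcm", ...)` writes a fixed name, and `ct` is never freed.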
@@ -0,0 +1,88 @@
+Applied-Upstream: c78e434c0c5f9d932874f0b17a8b4ce305ca01f5
+Author: Marco Eichelberg
+Bug: https://support.dcmtk.org/redmine/issues/1114
+Reviewed-By: Étienne Mollier
+Last-Update: 2025-02-01
+Description: Fixed two segmentation faults.
+ Fixed two segmentations faults that could occur while processing an
+ invalid incoming DIMSE message due to insufficient error handling
+ causing a de-referenced NULL pointer.
+ .
+ Thanks to Nils Bars for the bug report and sample files.
+ .
+ This closes DCMTK issue #1114.
+
+--- dcmtk.orig/dcmdata/libsrc/dcelem.cc
++++ dcmtk/dcmdata/libsrc/dcelem.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1994-2021, OFFIS e.V.
++ * Copyright (C) 1994-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -717,6 +717,13 @@
+ if (isStreamNew)
+ delete readStream;
+ }
++ else
++ {
++ errorFlag = EC_InvalidStream; // incomplete dataset read from stream
++ DCMDATA_ERROR("DcmElement: " << getTagName() << " " << getTag()
++ << " larger (" << getLengthField() << ") than remaining bytes ("
++ << getTransferredBytes() << ") in file, premature end of stream");
++ }
+ }
+ /* return result value */
+ return errorFlag;
+--- dcmtk.orig/dcmnet/libsrc/dimcmd.cc
++++ dcmtk/dcmnet/libsrc/dimcmd.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1994-2021, OFFIS e.V.
++ * Copyright (C) 1994-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were partly developed by
+@@ -205,22 +205,25 @@
+ return parseErrorWithMsg("dimcmd:getString: string too small", t);
+ } else {
+ ec = elem->getString(aString);
+- strncpy(s, aString, maxlen);
+- if (spacePadded)
++ if (ec.good())
+ {
+- /* before we remove leading and tailing spaces we want to know
+- * whether the string is actually space padded. Required to communicate
+- * with dumb peers which send space padded UIDs and fail if they
+- * receive correct UIDs back.
+- *
+- * This test can only detect space padded strings if
+- * dcmEnableAutomaticInputDataCorrection is false; otherwise the padding
+- * has already been removed by dcmdata at this stage.
+- */
+- size_t s_len = strlen(s);
+- if ((s_len > 0)&&(s[s_len-1] == ' ')) *spacePadded = OFTrue; else *spacePadded = OFFalse;
++ strncpy(s, aString, maxlen);
++ if (spacePadded)
++ {
++ /* before we remove leading and tailing spaces we want to know
++ * whether the string is actually space padded. Required to communicate
++ * with dumb peers which send space padded UIDs and fail if they
++ * receive correct UIDs back.
++ *
++ * This test can only detect space padded strings if
++ * dcmEnableAutomaticInputDataCorrection is false; otherwise the padding
++ * has already been removed by dcmdata at this stage.
++ */
++ size_t s_len = strlen(s);
++ if ((s_len > 0)&&(s[s_len-1] == ' ')) *spacePadded = OFTrue; else *spacePadded = OFFalse;
++ }
++ DU_stripLeadingAndTrailingSpaces(s);
+ }
+- DU_stripLeadingAndTrailingSpaces(s);
+ }
+ }
+ return (ec.good())? ec : DIMSE_PARSEFAILED;
diff -Nru dcmtk-3.6.7/debian/patches/0011-CVE-2024-34508-34509_bis.patch dcmtk-3.6.7/debian/patches/0011-CVE-2024-34508-34509_bis.patch
--- dcmtk-3.6.7/debian/patches/0011-CVE-2024-34508-34509_bis.patch 1970-01-01 00:00:00.000000000 +0000
+++ dcmtk-3.6.7/debian/patches/0011-CVE-2024-34508-34509_bis.patch 2025-02-01 13:49:50.000000000 +0000
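Review bot: In the dimcmd.cc hunk the added `if (ec.good())` guard trusts the status alone before `strncpy(s, aString, maxlen)`, so the copy is safe only while every failing `getString()` path reports an error, which the dcelem.cc hunk in this patch apparently adds for one case. Checking the pointer as well keeps the two in step: `if (ec.good() && aString == NULL) ec = DIMSE_PARSEFAILED;` placed just before the guard. Separately, `strncpy` leaves `s` unterminated when the value fills all `maxlen` bytes, and `strlen(s)` follows it; the length check and the caller's buffer are outside the hunk, so confirm that the buffer holds `maxlen + 1` bytes with a terminator already in place. The enclosing function begins and ends outside the hunk.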
@@ -0,0 +1,63 @@
+Applied-Upstream: 66c317feae446deda1a389226aa24c95a0eeac4c
+Author: Marco Eichelberg
+Reviewed-By: Étienne Mollier
+Last-Update: 2025-02-01
+Description: Fixed DcmDecimalString unit tests.
+
+diff --git a/dcmdata/tests/tvrds.cc b/dcmdata/tests/tvrds.cc
+index a9132a341..0e929304d 100644
+--- a/dcmdata/tests/tvrds.cc
++++ b/dcmdata/tests/tvrds.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 2011-2020, OFFIS e.V.
++ * Copyright (C) 2011-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -30,7 +30,7 @@
+
+ OFTEST(dcmdata_decimalString_1)
+ {
+- DcmDecimalString decStr(DCM_ContourData, EVR_DS);
++ DcmDecimalString decStr(DCM_ContourData);
+ OFVector doubleVals;
+ OFCHECK(decStr.putString("1\\2.0\\3.5\\-4.99\\+500.005\\6.66E-01").good());
+ OFCHECK(decStr.getFloat64Vector(doubleVals).good());
+@@ -45,7 +45,7 @@ OFTEST(dcmdata_decimalString_1)
+
+ OFTEST(dcmdata_decimalString_2)
+ {
+- DcmDecimalString decStr(DCM_ContourData, EVR_DS);
++ DcmDecimalString decStr(DCM_ContourData);
+ OFVector doubleVals;
+ /* insert a NULL byte into the string */
+ OFCHECK(decStr.putString("1\\2.0\\3.5\\-4.99\0\\+500.005\\6.66E-01", 34).good());
+@@ -61,7 +61,7 @@ OFTEST(dcmdata_decimalString_2)
+
+ OFTEST(dcmdata_decimalString_3)
+ {
+- DcmDecimalString decStr(DCM_ContourData, EVR_DS);
++ DcmDecimalString decStr(DCM_ContourData);
+ OFVector doubleVals;
+ /* insert a NULL byte into the string */
+ OFCHECK(decStr.putOFStringArray(OFString("1\\2.0\\3.5\\-4.99\0\\+500.005\\6.66E-01", 34)).good());
+@@ -77,7 +77,7 @@ OFTEST(dcmdata_decimalString_3)
+
+ OFTEST(dcmdata_decimalString_4)
+ {
+- DcmDecimalString decStr(DCM_ContourData, EVR_DS);
++ DcmDecimalString decStr(DCM_ContourData);
+ OFVector doubleVals;
+ OFCHECK(decStr.putString("1\\2.0\\3.5\\-4.99\\+500.005\\6.66E-01\\").good());
+ OFCHECK_EQUAL(decStr.getVM(), 7);
+@@ -96,7 +96,7 @@ OFTEST(dcmdata_decimalString_putFloat64)
+ {
+ // Test insertion in the beginning
+ OFString testStr;
+- DcmDecimalString decStr(DCM_ContourData, EVR_DS);
++ DcmDecimalString decStr(DCM_ContourData);
+ OFCHECK(decStr.putFloat64(0, 0).good());
+ decStr.getOFStringArray(testStr);
+ OFCHECK(testStr == "0");
diff -Nru dcmtk-3.6.7/debian/patches/series dcmtk-3.6.7/debian/patches/series
--- dcmtk-3.6.7/debian/patches/series 2024-04-19 11:38:32.000000000 +0000
+++ dcmtk-3.6.7/debian/patches/series 2025-02-01 19:09:27.000000000 +0000
@@ -10,3 +10,8 @@
 #1c8cca4bf6f7c92fc16f9e66faf49409c891a2b0.patch
 f06a867513524664a1b03dfcf812d8b60fdd02cc.patch
 c34f4e46e672ad21accf04da0dc085e43be6f5e1.patch
+0007-CVE-2024-47796.patch
+0008-CVE-2024-52333.patch
+0009-CVE-2024-27628.patch
+0010-CVE-2024-34508-34509.patch
+0011-CVE-2024-34508-34509_bis.patch