Version in base suite: 0.23.0-gtk3+dfsg-1+deb12u1 Base version: xmedcon_0.23.0-gtk3+dfsg-1+deb12u1 Target version: xmedcon_0.23.0-gtk3+dfsg-1+deb12u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/x/xmedcon/xmedcon_0.23.0-gtk3+dfsg-1+deb12u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/x/xmedcon/xmedcon_0.23.0-gtk3+dfsg-1+deb12u2.dsc changelog | 7 +++++++ patches/CVE-2025-2581.patch | 40 ++++++++++++++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 48 insertions(+)
diff -Nru xmedcon-0.23.0-gtk3+dfsg/debian/changelog xmedcon-0.23.0-gtk3+dfsg/debian/changelog
--- xmedcon-0.23.0-gtk3+dfsg/debian/changelog 2024-08-07 15:51:22.000000000 +0000
+++ xmedcon-0.23.0-gtk3+dfsg/debian/changelog 2025-03-22 18:58:34.000000000 +0000
@@ -1,3 +1,10 @@
+xmedcon (0.23.0-gtk3+dfsg-1+deb12u2) bookworm; urgency=medium
+
+ * Team upload.
+ * CVE-2025-2581.patch: new: fix CVE-2025-2581. (Closes: #1100986)
+
+ -- Étienne Mollier Sat, 22 Mar 2025 19:58:34 +0100
+
 xmedcon (0.23.0-gtk3+dfsg-1+deb12u1) bookworm; urgency=medium
 
 * Team upload.
diff -Nru xmedcon-0.23.0-gtk3+dfsg/debian/patches/CVE-2025-2581.patch xmedcon-0.23.0-gtk3+dfsg/debian/patches/CVE-2025-2581.patch
--- xmedcon-0.23.0-gtk3+dfsg/debian/patches/CVE-2025-2581.patch 1970-01-01 00:00:00.000000000 +0000
+++ xmedcon-0.23.0-gtk3+dfsg/debian/patches/CVE-2025-2581.patch 2025-03-22 18:58:34.000000000 +0000
@@ -0,0 +1,40 @@
+Description: Check for overflow between size_t and int64_t.
+Author: Erik Nolf
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100986
+Applied-Upstream: e7a88836fc2277f8ab777f3ef24f917d08415559
+Reviewed-by: Étienne Mollier
+Last-Update: 2025-03-22
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- xmedcon.orig/libs/dicom/single.c
++++ xmedcon/libs/dicom/single.c
+@@ -22,8 +22,9 @@
+ SINGLE *dicom_single(void)
+ {
+ ELEMENT *e;
+- S32 length;
++ S32 length, bytes;
+ U32 i, f;
++ size_t size;
+ char *interpretation[]=
+ {
+ "MONOCHROME2",
+@@ -265,7 +266,17 @@
+ /* eNlf: - allocate an extra 4 bytes, otherwise the bit.c */
+ /* eNlf: routines like source.u++ go beyond the boundaries */
+ /* eNlf: - memset the allocated buffer for sure */
+- data = (U8*)malloc(width*height*pixel*frames+4);
++ bytes = (int64_t)width*height*pixel*frames+4;
++
++ /* check for overflow */
++ size = (size_t)bytes;
++ if ((int64_t)size != bytes) {
++ dicom_log(ERROR,"System size_t too small");
++ return 0L;
++ }
++
++ /* allocate memory */
++ data = (U8*)malloc(bytes);
+ if (!data)
+ {
+ dicom_log(ERROR,"Out of memory");
diff -Nru xmedcon-0.23.0-gtk3+dfsg/debian/patches/series xmedcon-0.23.0-gtk3+dfsg/debian/patches/series
--- xmedcon-0.23.0-gtk3+dfsg/debian/patches/series 2024-08-07 15:51:22.000000000 +0000
+++ xmedcon-0.23.0-gtk3+dfsg/debian/patches/series 2025-03-22 18:58:34.000000000 +0000
@@ -3,3 +3,4 @@
 cross.patch
 typos.patch
 CVE-2024-29421.patch
+CVE-2025-2581.patch
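Review bot: The overflow check added in the second hunk of single.c is undermined by the declaration added in the first: `bytes` is declared `S32`, so if S32 is a 32-bit type as its name suggests, the `int64_t` product `(int64_t)width*height*pixel*frames+4` is truncated on assignment before `size = (size_t)bytes` ever sees it, and on an LP64 system `(int64_t)size != bytes` then only rejects a negative `bytes`, while a product that wrapped to a small positive value still reaches `malloc(bytes)` with a buffer far shorter than the pixel data later written into it — the very condition the CVE fix is meant to close. Since the widths of `width`, `height`, `pixel` and `frames` are not visible in the hunk and four 32-bit factors can exceed even `int64_t`, the safer form is to compute in `size_t` and check each multiplication against `SIZE_MAX` before performing it, as sketched below (`SIZE_MAX` needs `<stdint.h>`, which the `int64_t` cast suggests is already in scope). The early `return 0L` also leaves `dicom_single` without whatever cleanup the existing "Out of memory" path performs; the function body continues past the end of the hunk, so please confirm nothing allocated earlier in it is leaked on this new path.
```c
/* Multiply two sizes, refusing the result if it does not fit in size_t. */
static int size_mul(size_t a, size_t b, size_t *out)
{
  if (a != 0 && b > SIZE_MAX / a) return 0;
  *out = a * b;
  return 1;
}

SINGLE *dicom_single(void)
{
  ELEMENT *e;
  S32 length;            /* `bytes` dropped: the size is tracked in `size` */
  U32 i, f;
  size_t size;
  /* … unchanged: interpretation table, element parsing … */

  /* eNlf: - allocate an extra 4 bytes, otherwise the bit.c */
  /* eNlf: routines like source.u++ go beyond the boundaries */
  /* reject any product that would wrap before it reaches malloc */
  if (!size_mul(width, height, &size) || !size_mul(size, pixel, &size)
   || !size_mul(size, frames, &size) || size > SIZE_MAX - 4) {
    dicom_log(ERROR,"Image dimensions overflow size_t");
    return 0L;
  }
  size += 4;
  data = (U8*)malloc(size);
  /* … unchanged: out-of-memory handling and the rest of dicom_single … */
```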