-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 19 Jul 2023 16:00:04 +0200 Source: orthanc Binary: liborthancframework-dev liborthancframework1 liborthancframework1-dbgsym orthanc orthanc-dbgsym orthanc-dev Architecture: mips64el Version: 1.10.1+dfsg-2+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Étienne Mollier Description: liborthancframework-dev - Orthanc Framework development files liborthancframework1 - Orthanc Framework library orthanc - Lightweight, RESTful DICOM server for medical imaging orthanc-dev - Orthanc development files Closes: 1040597 Changes: orthanc (1.10.1+dfsg-2+deb12u1) bookworm-security; urgency=high . * Team upload. * cve-2023-33466.patch: disable file system writes. This patch backports the option RestApiWriteToFileSystemEnabled to Orthanc in Debian bookworm. This allows delivering Orthanc without being vulnerable to arbitrary writes to the file system by authenticated users, referenced as CVE-2023-33466. The legacy and vulnerable behaviour can be restored by setting the variable RestApiWriteToFileSystemEnabled to true in /etc/orthanc/orthanc.json. (Closes: #1040597) Checksums-Sha1: cbb64c039a8a7927f8ebf3e8718e89c0d57cf832 113056 liborthancframework-dev_1.10.1+dfsg-2+deb12u1_mips64el.deb f286442accab72208006eda496e2065bb72e4115 16432504 liborthancframework1-dbgsym_1.10.1+dfsg-2+deb12u1_mips64el.deb 246d217b1fffb82c24f20658a1732f8d9e549ae8 1807160 liborthancframework1_1.10.1+dfsg-2+deb12u1_mips64el.deb ecab41aa2e113d2fdba751ce9c86e0ad28758867 39941364 orthanc-dbgsym_1.10.1+dfsg-2+deb12u1_mips64el.deb fdbfa928c19adab8e236931e930b258b7d4ca9e2 79444 orthanc-dev_1.10.1+dfsg-2+deb12u1_mips64el.deb 3549cafd3424ffb6510af5e997475380d598f4e2 16779 orthanc_1.10.1+dfsg-2+deb12u1_mips64el-buildd.buildinfo c659b5041dc98d097dd2e05f4561a4f016c50803 1464556 orthanc_1.10.1+dfsg-2+deb12u1_mips64el.deb Checksums-Sha256: 045b26a38c77dd7ac217b25579af94dc5e91e00673310a6379a5584e433e98b1 113056 liborthancframework-dev_1.10.1+dfsg-2+deb12u1_mips64el.deb ecec30c6764e968f6fac9a70af3815b2162c1d57b11c1626ed5588a038b5b126 16432504 liborthancframework1-dbgsym_1.10.1+dfsg-2+deb12u1_mips64el.deb 6fbef7060c697b94fdd549804666544d1e9b78ea481504e181088b494a04d853 1807160 liborthancframework1_1.10.1+dfsg-2+deb12u1_mips64el.deb 73429b2ac90b5319d3aeb36d8d17ee7319367560317b12678759274a71574682 39941364 orthanc-dbgsym_1.10.1+dfsg-2+deb12u1_mips64el.deb 5284451fbadc161252d479823252c8e5f0693c1a7fcfae3de3fa6491d1cde15c 79444 orthanc-dev_1.10.1+dfsg-2+deb12u1_mips64el.deb 23959ddccb7d0fdbafe7b189231a6762f2eefcba94aa99f50fe0bd13907a6263 16779 orthanc_1.10.1+dfsg-2+deb12u1_mips64el-buildd.buildinfo a7b0975a3193cb880906184203ca1c57cdb8607ac800158c16352e361b9a614c 1464556 orthanc_1.10.1+dfsg-2+deb12u1_mips64el.deb Files: 2a1cc6f314a5314d1a13d8a925e39818 113056 libdevel optional liborthancframework-dev_1.10.1+dfsg-2+deb12u1_mips64el.deb 6e4f2c44fee39cc8137c456c9ff0ea06 16432504 debug optional liborthancframework1-dbgsym_1.10.1+dfsg-2+deb12u1_mips64el.deb 5ed3c0bc15ecbf1e88c008ee10031258 1807160 libs optional liborthancframework1_1.10.1+dfsg-2+deb12u1_mips64el.deb 28c2fe6690efe41d61bc33e6276775cd 39941364 debug optional orthanc-dbgsym_1.10.1+dfsg-2+deb12u1_mips64el.deb 012b87ef086133893b43f94a593e6335 79444 libdevel optional orthanc-dev_1.10.1+dfsg-2+deb12u1_mips64el.deb 0d7ca32dd43e757aafac4377d97732b5 16779 science optional orthanc_1.10.1+dfsg-2+deb12u1_mips64el-buildd.buildinfo 9e0aae6acd711f32144fce04183a599e 1464556 science optional orthanc_1.10.1+dfsg-2+deb12u1_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7FUbSrfgk+qhJhySoQbzkdO+xGgFAmTSv5gACgkQoQbzkdO+ xGjZ1xAA1B+VGbwfFJ5Q157MpZNStnog/Ljaq73RIbkllIP/+W/uBuJwmQBp3G6/ L6QST8PpjjTNSHdrz88YucOzfgLMwSlu/PjXv4zG11BpLMMwrw4S/H05OQgPyhBM qtcqeDzI8mkUhH3c2pWgQJ8BkVI7aQdxfQNK5JYmybLvxcE+D81z6SWM9bjYcJIE ezZ1DE6TLAxOLlAk0xlJ6KN1Ae71t5VTVe2Br/ZRig5B82eTddlAJB8vpoosdZdh yMYcr5OeM2+7I5GJa33FjfYMjrbD/0a8UYGDD6blIXSCNGFVygEmX4GXWx23Qfce DMx46aVTP2XWbfjZwyXkpzz0wWJNm8lZEGx96iY6Nm38oiNE576bJmRMNOMiqcXv /suTw2KxslrRpX0xiVaW8tT7Y5zGe0d4H5S3as/JS3i22QBHF5esbKX4Tf0Q5fgR +3+/v1rgY9wsTvX8/j9nMxAykxhdV0DOEItOqZCygmiHutcqG7SdcGJcUHNWQ26t 4ApHlnb5C0Ry3w+/TJAuzPOg6l9KjxIr9L8Nw5WAg1fqr32rcrAqhv3/ai4HBc7J gXqn8n3pLDLN5DH6zCPv8l5Mpxkwxa9OocWqEu2lA0m7OozHjtgJAquLBgAj7wLE 9qAtNHHrY7Z+LIFmkILOOuyyA3jSUlsFUarViy5QEsr8F5FsqgQ= =xdU+ -----END PGP SIGNATURE-----