Your message dated Mon, 05 Jan 2026 22:07:12 +0000
with message-id <[email protected]>
and subject line Bug#1117722: fixed in hdf5 1.14.6+repack-1~exp18
has caused the Debian Bug report #1117722,
regarding hdf5: explain security support status in README.Debian
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1117722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debian-security-support
Severity: normal
X-Debbugs-Cc: Debian Security Team <[email protected]>,
[email protected]
I propose to mark hdf5 as limited support in Debian 11 (bullseye).
# Package Description
Hierarchical Data Format 5 (HDF5) is a file format and library for
storing scientific data. HDF5 was designed and implemented to address
the deficiencies of HDF4.x. It has a more powerful and flexible data
model, supports files larger than 2 GB, and supports parallel I/O.
# Obstacles Preventing Continued Support
Upstream does not seem to support security updates of older releases.
There are tags of the 1.10 series in bullseye up to 1.10.11 but they
contain a lot of changes all over the place, like reformatting, adding
new functionality and behavior changes. So uploading a new upstream
version seems too risky. On the other hand the upstream git has no clear
commits of the security patches. They are often committed in bulk and
then partly reverted due to regressions and later committed again,
probably due to other commits in between fixing the regressions. There
is https://github.com/HDFGroup/cve_hdf5.git which allows easy testing of
the CVEs and I tried cherry-picking some commits but it resulted in
different tests failing.
# Proposed entry for security-support.deb11
hdf5 limited Not covered by security support, only suitable for trusted
content, see -1
--- End Message ---
--- Begin Message ---
Source: hdf5
Source-Version: 1.14.6+repack-1~exp18
Done: Gilles Filippini <[email protected]>
We believe that the bug you reported is fixed in the latest version of
hdf5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gilles Filippini <[email protected]> (supplier of updated hdf5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 05 Jan 2026 22:22:07 +0100
Source: hdf5
Architecture: source
Version: 1.14.6+repack-1~exp18
Distribution: experimental
Urgency: medium
Maintainer: Gilles Filippini <[email protected]>
Changed-By: Gilles Filippini <[email protected]>
Closes: 1117722
Changes:
hdf5 (1.14.6+repack-1~exp18) experimental; urgency=medium
.
* Fix again compiler wrappers to match all possible cases and reinstate
-shlib and -noshlib flags
* New patch pkgconfig-private.patch to fix installed pkgconfig files
for static linking
.
[ Sylvain Beucler ]
* Explain security support status in README.Debian (Closes: #1117722)
Checksums-Sha1:
e00746249005dd372fead653c44fbb8e40038ab1 3860 hdf5_1.14.6+repack-1~exp18.dsc
80dbf2e36cadecd11d34503e2c4a33ac4e5cba52 166016
hdf5_1.14.6+repack-1~exp18.debian.tar.xz
1420f8da67048d89abc1af4b70724907e63751b9 30131
hdf5_1.14.6+repack-1~exp18_amd64.buildinfo
Checksums-Sha256:
4c830fd896a16bf14be3cc85569854a050c0663e455042333663b6ce0ca7ecfd 3860
hdf5_1.14.6+repack-1~exp18.dsc
514215b9970b284421591da94ba810f6cde32737a2d07a3e962933bf6ab2112c 166016
hdf5_1.14.6+repack-1~exp18.debian.tar.xz
e46c34c9abd7e2ac7109224d0ac6f41fc11b402c01fcecf11ca7de5801265f5c 30131
hdf5_1.14.6+repack-1~exp18_amd64.buildinfo
Files:
870c3aa4085dc0ab8b41546d8e1a7c09 3860 science optional
hdf5_1.14.6+repack-1~exp18.dsc
a5c7ca88afa825361596c0b3453d5a71 166016 science optional
hdf5_1.14.6+repack-1~exp18.debian.tar.xz
43cc16d1805b5b59d1788d775d3c273e 30131 science optional
hdf5_1.14.6+repack-1~exp18_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFEBAEBCgAuFiEEoJObzArDE05WtIyR7+hsbH/+z4MFAmlcMl8QHHBpbmlAZGVi
aWFuLm9yZwAKCRDv6Gxsf/7Pg27+B/9kGCUgmSjhrxkWODicU/vothG3QoqNM0fT
NoobfPgbaRK7UwUiJdWJiUeNXfxwu2svr6/g+BA5vbLEGcLydbVgCHp6h0HymEnl
wlBYR1OGuvtJZUKC0iCeRHDYfnULWoH2iJmGJZoMLZwnC19D0E/iT7Sxrtqsu8CJ
0gcaFXOEdLWFL0T981JQ9uRHlbhMdSCsygH0v4TBj9iqq2INDeK4zBA7Gy855d5l
Ek+cFfvtN+DHmTJ50A6GrU3wawIXXYN8qb7LOnK+zhWzVKOKyDN826sxgCRH9DjN
LfLWgFOFW9v4g18XnZl+SvcYMXEV1+LXafYPfxUHEulm/QlC7ZZO
=Xy/i
-----END PGP SIGNATURE-----
pgpONyam6CgPz.pgp
Description: PGP signature
--- End Message ---
