Your message dated Sun, 18 Jan 2026 12:34:44 +0000
with message-id <[email protected]>
and subject line Bug#1117722: fixed in hdf5 1.14.6+repack-1
has caused the Debian Bug report #1117722,
regarding hdf5: explain security support status in README.Debian
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1117722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debian-security-support
Severity: normal
X-Debbugs-Cc: Debian Security Team <[email protected]>, [email protected]

I propose to mark hdf5 as limited support in Debian 11 (bullseye).

# Package Description

Hierarchical Data Format 5 (HDF5) is a file format and library for
storing scientific data. HDF5 was designed and implemented to address
the deficiencies of HDF4.x. It has a more powerful and flexible data
model, supports files larger than 2 GB, and supports parallel I/O.

# Obstacles Preventing Continued Support

Upstream does not seem to support security updates of older releases.
There are tags of the 1.10 series in bullseye up to 1.10.11 but they
contain a lot of changes all over the place, like reformatting, adding
new functionality and behavior changes. So uploading a new upstream
version seems too risky. On the other hand the upstream git has no clear
commits of the security patches. They are often committed in bulk and
then partly reverted due to regressions and later committed again,
probably due to other commits in between fixing the regressions. There
is https://github.com/HDFGroup/cve_hdf5.git which allows easy testing of
the CVEs and I tried cherry-picking some commits but it resulted in
different tests failing.

# Proposed entry for security-support.deb11

hdf5  limited  Not covered by security support, only suitable for trusted content, see -1

--- End Message ---
--- Begin Message ---
Source: hdf5
Source-Version: 1.14.6+repack-1
Done: Gilles Filippini <[email protected]>

We believe that the bug you reported is fixed in the latest version of
hdf5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gilles Filippini <[email protected]> (supplier of updated hdf5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Jan 2026 12:01:01 +0100
Source: hdf5
Architecture: source
Version: 1.14.6+repack-1
Distribution: unstable
Urgency: medium
Maintainer: Gilles Filippini <[email protected]>
Changed-By: Gilles Filippini <[email protected]>
Closes: 1117722
Changes:
 hdf5 (1.14.6+repack-1) unstable; urgency=medium
 .
   * New upstream release
   * Refresh patches
   * Update symbols files
 .
   [ Sylvain Beucler ]
   * Explain security support status in README.Debian (Closes: #1117722)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
