Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b402017b by Salvatore Bonaccorso at 2019-03-30T09:19:13Z
Three CVEs fixed for hdf5 in experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33175,7 +33175,8 @@ CVE-2018-17438 (A SIGFPE signal is raised in the 
function H5D__select_io() of H5
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
 CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in 
H5Odtype.c in ...)
-       - hdf5 <undetermined>
+       [experimental] - hdf5 1.10.5+repack-1~exp1
+       - hdf5 <unfixed>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper
 CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 
library allo ...)
        - hdf5 <undetermined>
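Review bot: The added `[experimental] - hdf5 1.10.5+repack-1~exp1` line under CVE-2018-17437 records a fixed version, but nothing in the entry says how that fix was confirmed; the only NOTE is the reporter's PoC link. Consider adding a NOTE that points at the upstream commit or release-note entry for the H5O_dtype_decode_helper() leak, so the fixed version can be re-checked when the package moves to unstable.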
@@ -33184,7 +33185,8 @@ CVE-2018-17435 (A heap-based buffer over-read in 
H5O_attr_decode() in H5Oattr.c
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
 CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of 
h5repack_ ...)
-       - hdf5 <undetermined>
+       [experimental] - hdf5 1.10.5+repack-1~exp1
+       - hdf5 <unfixed>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
 CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in 
gifread.c in the ...)
        - hdf5 <undetermined>
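Review bot: Under CVE-2018-17434, replacing `<undetermined>` with `- hdf5 <unfixed>` now states that the unstable package is affected, yet the line carries no bug reference. If a Debian bug is filed for this, append it to the `<unfixed>` line; if not, a short NOTE giving the basis for treating unstable as affected would help. The description places the SIGFPE in apply_filters() of the h5repack code, so a note on whether the impact is limited to that tool would also guide triage.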
@@ -33630,7 +33632,8 @@ CVE-2018-17234 (Memory leak in the 
H5O__chunk_deserialize() function in H5Ocache
        - hdf5 <undetermined>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
 CVE-2018-17233 (A SIGFPE signal is raised in the function 
H5D__create_chunk_file_map_h ...)
-       - hdf5 <undetermined>
+       [experimental] - hdf5 1.10.5+repack-1~exp1
+       - hdf5 <unfixed>
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero
 CVE-2018-17232 (SQL injection vulnerability in archivebot.py in docmarionum1 
Slack Arc ...)
        NOT-FOR-US: docmarionum1 Slack ArchiveBot (slack-archive-bot)
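Review bot: CVE-2018-17234, directly above the changed CVE-2018-17233 entry, stays at `- hdf5 <undetermined>` even though its NOTE links to the same reporter's repository. If 1.10.5+repack-1~exp1 was checked for that issue and found still affected, or was not checked at all, a NOTE saying so would spare the next triager the same work; the same applies to the other hdf5 entries left at `<undetermined>` in this commit.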



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/b402017b1d66554c8189e84eb90d20cc0e2b7865

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
