Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9b720cba by Salvatore Bonaccorso at 2023-05-06T20:52:57+02:00
Adjust version with first 1.10.8 based version hitting unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -233922,14 +233922,14 @@ CVE-2020-10812 (An issue was discovered in HDF5
through 1.12.0. A NULL pointer d
NOTE:
https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/
NOTE: Negligible security impact, malicous scientific data has more
issues than a crash...
CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based
buffer ov ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE:
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
NOTE:
https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/
NOTE: Negligible security impact, malicous scientific data has more
issues than a crash...
NOTE: Fixed in 1.10.x-series in 1.10.8
https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
NOTE: Duplicate of CVE-2018-14033
CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer
derefer ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE:
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
NOTE:
https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/
NOTE: Negligible security impact, malicous scientific data has more
issues than a crash...
@@ -324518,7 +324518,7 @@ CVE-2018-17436 (ReadCode() in decompress.c in the HDF
HDF5 through 1.10.3 librar
NOTE: Negligible security impact
NOTE: Fixed in 1.10.x-series in 1.10.10
https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006
CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in
H5Oattr.c in the ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE:
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
NOTE: Negligible security impact
@@ -324539,7 +324539,7 @@ CVE-2018-17433 (A heap-based buffer overflow in
ReadGifImageDesc() in gifread.c
NOTE: Negligible security impact
NOTE: Fixed in 1.10.x-series in 1.10.10
https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006
CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in
H5Osdspace.c in ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -332472,7 +332472,7 @@ CVE-2018-14461 (The LDP parser in tcpdump before
4.9.3 has a buffer over-read in
- tcpdump 4.9.3-1 (bug #941698)
NOTE:
https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There
is a hea ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
NOTE: Negligible security impact
NOTE: Fixed in 1.10.x-series in 1.10.8
https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
@@ -333660,7 +333660,7 @@ CVE-2018-14034 (An issue was discovered in the HDF
HDF5 1.8.20 library. There is
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
NOTE: Negligible security impact
CVE-2018-14033 (An issue was discovered in the HDF HDF5 1.8.20 library. There
is a hea ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
NOTE: Negligible security impact
NOTE: Fixed in 1.10.x-series in 1.10.8
https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
@@ -334029,12 +334029,12 @@ CVE-2018-13871 (An issue was discovered in the HDF
HDF5 1.8.20 library. There is
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
NOTE: Negligible HDF crash, never properly reported upstrem
CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There
is a hea ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
NOTE: Fixed for 1.10.x in 1.10.7:
https://forum.hdfgroup.org/t/release-of-hdf5-1-10-7-newsletter-175-the-hdf-group/7511
CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There
is a mem ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
NOTE: Fixed for 1.10.x in 1.10.7:
https://forum.hdfgroup.org/t/release-of-hdf5-1-10-7-newsletter-175-the-hdf-group/7511
@@ -341286,7 +341286,7 @@ CVE-2018-11207 (A division by zero was discovered in
H5D__chunk_init in H5Dchunk
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10481
NOTE:
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107
CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode
and H5O_fi ...)
- - hdf5 1.10.8+repack1-1 (low)
+ - hdf5 1.10.8+repack-1 (low)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b720cbad121e906deacf427c8503606e1655bdb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b720cbad121e906deacf427c8503606e1655bdb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
