Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
70c636c5 by Markus Koschany at 2023-08-09T08:23:58+02:00
Mark remaining hdf5 CVE as no-dsa/postponed.
Wait until those issues are fixed in unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103711,16 +103711,19 @@ CVE-2022-26061 (A heap-based buffer overflow
vulnerability exists in the gif2h5
- hdf5 <unfixed> (bug #1031726)
[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487
CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5
functionalit ...)
- hdf5 <unfixed> (bug #1031726)
[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485
CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5
functionality ...)
- hdf5 <unfixed> (bug #1031726)
[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486
CVE-2022-0935 (Host Header injection in password Reset in GitHub repository
livehelpe ...)
NOT-FOR-US: livehelperchat
@@ -308039,6 +308042,7 @@ CVE-2019-8398 (An issue was discovered in the HDF
HDF5 1.10.4 library. There is
- hdf5 <unfixed> (bug #1034838)
[bookworm] - hdf5 <no-dsa> (Minor issue)
[bullseye] - hdf5 <no-dsa> (Minor issue)
+ [buster] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There
is an ou ...)
@@ -308053,6 +308057,7 @@ CVE-2019-8396 (A buffer overflow in
H5O__layout_encode in H5Olayout.c in the HDF
- hdf5 <unfixed> (bug #1034838)
[bookworm] - hdf5 <no-dsa> (Minor issue)
[bullseye] - hdf5 <no-dsa> (Minor issue)
+ [buster] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10712
NOTE: HDFFV-10712 is marked to be closed in a future 1.10.8 upstream
release.
@@ -353341,6 +353346,7 @@ CVE-2018-11205 (A out of bounds read was discovered
in H5VM_memcpyvv in H5VM.c i
- hdf5 <unfixed> (bug #1034807)
[bookworm] - hdf5 <no-dsa> (Minor issue)
[bullseye] - hdf5 <no-dsa> (Minor issue)
+ [buster] - hdf5 <no-dsa> (Minor issue)
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10479
CVE-2018-11204 (A NULL pointer dereference was discovered in
H5O__chunk_deserialize in ...)
- hdf5 1.10.4+repack-1 (low)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70c636c5a9aa86e41001ee62ec2f063b3e63fc27
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70c636c5a9aa86e41001ee62ec2f063b3e63fc27
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
