Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f4f57df by Moritz Mühlenhoff at 2024-12-27T17:37:35+01:00
more hdf5 fixes in sid, based on BTS bug closures

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -227817,23 +227817,26 @@ CVE-2022-26892
 CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege 
Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2022-26061 (A heap-based buffer overflow vulnerability exists in the 
gif2h5 functi ...)
-       - hdf5 <unfixed> (bug #1031726)
+       - hdf5 1.10.10+repack-1 (bug #1031726)
        [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487
+       NOTE: Starting with 1.10.10+repack-1 gif2h5 and h52gif are no longer 
installed
 CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5 
functionalit ...)
-       - hdf5 <unfixed> (bug #1031726)
+       - hdf5 1.10.10+repack-1 (bug #1031726)
        [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485
+       NOTE: Starting with 1.10.10+repack-1 gif2h5 and h52gif are no longer 
installed
 CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5 
functionality ...)
-       - hdf5 <unfixed> (bug #1031726)
+       - hdf5 1.10.10+repack-1 (bug #1031726)
        [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        [buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486
+       NOTE: Starting with 1.10.10+repack-1 gif2h5 and h52gif are no longer 
installed
 CVE-2022-0935 (Host Header injection in password Reset in GitHub repository 
livehelpe ...)
        NOT-FOR-US: livehelperchat
 CVE-2022-26886
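Review bot: The three `- hdf5 1.10.10+repack-1 (bug #1031726)` lines mark these CVEs as fixed in sid, but the added NOTE gives the reason as gif2h5 and h52gif no longer being installed, not a patch to the code. The unchanged `[bookworm]`, `[bullseye]` and `[buster]` lines still read `<postponed> (Minor issue, revisit when fixed upstream)`, so the entry does not tell a later reader whether an upstream fix exists. If the source is still unpatched, suggest saying so in the NOTE, so the stable suites are not closed by mistake when they are revisited.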
@@ -432564,7 +432567,7 @@ CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 
has Reflected XSS via the oa
 CVE-2019-8399
        RESERVED
 CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There 
is an ou ...)
-       - hdf5 <unfixed> (bug #1034838)
+       - hdf5 1.14.5+repack-1 (bug #1034838)
        [bookworm] - hdf5 <no-dsa> (Minor issue)
        [bullseye] - hdf5 <no-dsa> (Minor issue)
        [buster] - hdf5 <no-dsa> (Minor issue)
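Review bot: At `- hdf5 1.14.5+repack-1 (bug #1034838)` the hunk records a fixed version but adds no NOTE saying where the fix comes from; the commit message only says "based on BTS bug closures". Suggest adding a NOTE with the upstream fix reference or the upstream release that contains it, so the `<no-dsa>` suites below can be checked against something concrete.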
@@ -477884,7 +477887,7 @@ CVE-2018-11206 (An out of bounds read was discovered 
in H5O_fill_new_decode and
        NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
        NOTE: Fixed in 1.10.x-series in 1.10.8 
https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
 CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c 
in the  ...)
-       - hdf5 <unfixed> (bug #1034807)
+       - hdf5 1.14.5+repack-1 (bug #1034807)
        [bookworm] - hdf5 <no-dsa> (Minor issue)
        [bullseye] - hdf5 <no-dsa> (Minor issue)
        [buster] - hdf5 <no-dsa> (Minor issue)
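Review bot: For CVE-2018-11205, `- hdf5 1.14.5+repack-1 (bug #1034807)` records a 1.14 upload, while the NOTE on the entry just above says "Fixed in 1.10.x-series in 1.10.8" for CVE-2018-11206 and the gif2h5 entries in this same commit use 1.10.10+repack-1. Worth confirming that 1.14.5+repack-1 is the first sid upload carrying the fix rather than the upload that happened to close the bug; if an earlier 1.10.x upload already had it, that version should be recorded instead.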



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f4f57df0a90009dedf109881dff47562e529218
