[Git][security-tracker-team/security-tracker][master] Add new hdf5 with undetermined status
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 25 21:18:09 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b06983d1 by Salvatore Bonaccorso at 2018-09-25T20:16:15Z
Add new hdf5 with undetermined status
As with previous reports from SegfaultMasters it is here sufficiently
clear that the issues are associated with src:hdf5, so track those. But
not yet as <unfixed> as it is as well here not clear if the reports were
just thrown in on github and CVEs requested without making upstream aware
of the issues.
Keep as well TODO check item as we definitively only started tracking the
source package here.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -179,20 +179,36 @@ CVE-2018-17441
CVE-2018-17440
RESERVED
CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
TODO: check
CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
TODO: check
CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper
TODO: check
CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc
TODO: check
CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
TODO: check
CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
TODO: check
CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc
TODO: check
CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...)
+ - hdf5 <undetermined>
+ NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
TODO: check
CVE-2018-17431
RESERVED
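Review bot: The reason for choosing `<undetermined>` over `<unfixed>` is not recorded in data/CVE/list itself: each of the eight added entries has only a NOTE linking to the reporter's repository, and the rationale (unclear whether upstream was made aware) lives only in the commit message. A short NOTE on the entries, stating that upstream notification is unconfirmed, would keep that context next to the `TODO: check` lines for whoever picks them up. Two smaller points on the NOTE lines: the URLs point at `tree/master`, a moving ref, so the anchors can break if the reporter reorganises the repository, and pinning them to a commit would be more durable. For CVE-2018-17435 the description says "heap-based buffer over-read" while the linked anchor is `heap-overflow-in-h5o_attr_decode`, which is worth reconciling when the TODO is resolved.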
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b06983d113ba5219a8b6f8c2a3cbac99e224ce93