[Git][security-tracker-team/security-tracker][master] CVE-2018-17234/hdf5: add bug entry and commit

Hugo Lefeuvre hle at debian.org
Tue Apr 9 09:56:50 BST 2019 


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3b916426 by Hugo Lefeuvre at 2019-04-09T08:56:13Z
CVE-2018-17234/hdf5: add bug entry and commit

Upstream bug tracker entry not public, can't view it myself. Adding
link to the tracker in case it becomes public in the future.

Access to upstream bitbucket also behind login portal, but does not
require privileged account.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34825,8 +34825,11 @@ CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp
 	[jessie] - mp4v2 <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
 CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in  ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10578 (not public)
+	NOTE: does not appear in 1.10.5 release notes, but fixed in
+	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b
 CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...)
 	[experimental] - hdf5 1.10.5+repack-1~exp1
 	- hdf5 <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b9164267efd5adba1ca268cec1a48009106e99f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/3b9164267efd5adba1ca268cec1a48009106e99f
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190409/87258e3f/attachment.html>

More information about the debian-security-tracker-commits mailing list