[Git][security-tracker-team/security-tracker][master] CVE-2018-1743{4,7}/hdf5: add bug entry and commit

Tue Apr 9 10:12:15 BST 2019


Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a8f7d5f4 by Hugo Lefeuvre at 2019-04-09T09:11:44Z
CVE-2018-1743{4,7}/hdf5: add bug entry and commit

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34374,6 +34374,9 @@ CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtyp
 	[experimental] - hdf5 1.10.5+repack-1~exp1
 	- hdf5 <unfixed>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10588
+	NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
+	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
 CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc
@@ -34384,6 +34387,9 @@ CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5r
 	[experimental] - hdf5 1.10.5+repack-1~exp1
 	- hdf5 <unfixed>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10586
+	NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
+	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
 CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8f7d5f4451ae3a810a80536f6a8aa04e182fd6d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/a8f7d5f4451ae3a810a80536f6a8aa04e182fd6d
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190409/57d78d64/attachment-0001.html>
