[Git][security-tracker-team/security-tracker][master] CVE-2018-112{02,04,06}/hdf5: add commit links
Hugo Lefeuvre
hle at debian.org
Fri Apr 12 08:56:58 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4db8e3fb by Hugo Lefeuvre at 2019-04-12T07:54:36Z
CVE-2018-112{02,04,06}/hdf5: add commit links
Update dla-needed: CVE-2018-17432 need more information.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -51371,6 +51371,8 @@ CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode and
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
+ NOTE: https://jira.hdfgroup.org/browse/HDFFV-10480
+ NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ...)
- hdf5 <undetermined>
CVE-2018-11204 (A NULL pointer dereference was discovered in H5O__chunk_deserialize in ...)
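Review bot: The commit URL added here for CVE-2018-11206 (992a199f90fec31e0ad72ed76ed279a3ccea59e4) is the same one added in the later hunks for CVE-2018-11204 and CVE-2018-11202, although the three entries cite different upstream issues (HDFFV-10480, HDFFV-10478, HDFFV-10476) and describe flaws in different functions. If a single upstream commit does address all three, add a short NOTE saying so under each entry so a later triager does not read the repeated hash as a copy-paste slip; otherwise link the commit specific to each issue.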
@@ -51378,6 +51380,8 @@ CVE-2018-11204 (A NULL pointer dereference was discovered in H5O__chunk_deserial
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
+ NOTE: https://jira.hdfgroup.org/browse/HDFFV-10478
+ NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11203 (A division by zero was discovered in H5D__btree_decode_key in H5Dbtree ...)
- hdf5 1.10.4+repack-1 (low)
[stretch] - hdf5 <no-dsa> (Minor issue)
@@ -51388,6 +51392,8 @@ CVE-2018-11202 (A NULL pointer dereference was discovered in H5S_hyper_make_span
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
+ NOTE: https://jira.hdfgroup.org/browse/HDFFV-10476
+ NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11201
RESERVED
CVE-2018-11200
=====================================
data/dla-needed.txt
=====================================
@@ -43,8 +43,10 @@ graphicsmagick (Markus Koschany)
--
hdf5 (Hugo Lefeuvre)
NOTE: requires some prior triage, almost all cves undetermined.
- NOTE: upstream's bug tracker requires special permissions to open issues.
- NOTE: unclear how upstream handles security backlog, contacted them.
+ NOTE: contacted hdf5 upstream, received information, currently updating the tracker.
+ NOTE: CVE-2018-17432: Upstream claims to have fixed this in 1.10.5 (issue HDF-10590)
+ NOTE: but not mentioned in release notes + no commit directly mentioning the issue
+ NOTE: -> ask them for more information.
--
imagemagick (Roberto C. Sánchez)
NOTE: 20181227: We should address the many open issues in imagemagick either
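Review bot: The issue key in the added CVE-2018-17432 note, "HDF-10590", does not match the "HDFFV-" prefix used for the upstream issues added to data/CVE/list in this same commit (HDFFV-10480, HDFFV-10478, HDFFV-10476); check whether HDFFV-10590 was meant. The new notes also carry no date, unlike the "20181227:" prefix on the imagemagick entry just below, so it will be hard to tell later how old the "ask them for more information" action is.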
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4db8e3fb0fadb145e2216f7e979fc529886cfcfe