[Git][security-tracker-team/security-tracker][master] CVE-2018-17438/hdf5: add bug and commit links

Hugo Lefeuvre hle at debian.org
Thu Apr 18 18:14:43 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c295b8e9 by Hugo Lefeuvre at 2019-04-18T17:13:10Z
CVE-2018-17438/hdf5: add bug and commit links

Fix still in develop branch, will be released for 1.12.0.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -35154,8 +35154,10 @@ CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
 CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587
+	NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f
 CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
 	[experimental] - hdf5 1.10.5+repack-1~exp1
 	- hdf5 <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c295b8e9bb4e5439cf08e306bba363f8a27baccf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c295b8e9bb4e5439cf08e306bba363f8a27baccf
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190418/1b665de9/attachment.html>


More information about the debian-security-tracker-commits mailing list