[Git][security-tracker-team/security-tracker][master] hdf5 undetermined issues: add links to bug entries

Hugo Lefeuvre hle at debian.org
Thu Apr 18 18:25:05 BST 2019



Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9caffffb by Hugo Lefeuvre at 2019-04-18T17:24:46Z
hdf5 undetermined issues: add links to bug entries

Add upstream bug tracker links for a few hdf5 undetermined cves.

Upstream is actively working on these bugs, but no fix released yet.

Information is scarce, especially since bug entries are not public,
thus not removing undetermined status for now.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7698,6 +7698,7 @@ CVE-2019-8399
 CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
 CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
 	- hdf5 <unfixed>
 	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul5
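Review bot: the NOTE added under CVE-2019-8398 points at a Jira entry that, per the commit message, is not public, and nothing on the line says so. A reader of data/CVE/list who follows it will find nothing to read; consider marking it, for example `NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710 (upstream bug, not public)`, and doing the same for the other HDFFV links in this commit.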
@@ -7705,6 +7706,7 @@ CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is
 CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10712
 CVE-2019-8395 (An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoh ...)
 	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2019-8394 (Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allow ...)
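Review bot: CVE-2019-8396 stays `<undetermined>` although its description already names a buffer overflow in H5O__layout_encode in H5Olayout.c, and the reason for keeping that status is recorded only in the commit message. A short NOTE next to the new HDFFV-10712 link, saying that upstream has released no fix yet and the bug entry is not public, would keep that reasoning in the file where the next triager looks.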
@@ -35155,6 +35157,7 @@ CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before v
 CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589
 CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ...)
 	- hdf5 <unfixed>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
@@ -35173,6 +35176,7 @@ CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 librar
 CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
 CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...)
 	[experimental] - hdf5 1.10.5+repack-1~exp1
 	- hdf5 <unfixed>
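Review bot: CVE-2018-17435 keeps `- hdf5 <undetermined>` while the next entry, CVE-2018-17434, already records `[experimental] - hdf5 1.10.5+repack-1~exp1`. The commit message says no fix is released yet; a NOTE under the new HDFFV-10591 link stating whether 1.10.5 was checked against this issue would make clear that the experimental upload was considered.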
@@ -35183,6 +35187,7 @@ CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5r
 CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10592
 CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in  ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode
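Review bot: CVE-2018-17432, directly below the entry changed here, is also `- hdf5 <undetermined>` and gets no upstream link. If upstream tracks it in a Jira entry, add that NOTE in this commit as well; if no entry was found, say so in the commit message so the gap does not read as an oversight.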
@@ -39791,6 +39796,7 @@ CVE-2018-15672
 CVE-2018-15671 (An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ...)
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10557
 CVE-2018-15670 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
 	NOT-FOR-US: Bloop Airmail
 CVE-2018-15669 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
@@ -51707,6 +51713,7 @@ CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode and
 	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
 CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the  ...)
 	- hdf5 <undetermined>
+	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10479
 CVE-2018-11204 (A NULL pointer dereference was discovered in H5O__chunk_deserialize in ...)
 	- hdf5 1.10.4+repack-1 (low)
 	[stretch] - hdf5 <no-dsa> (Minor issue)
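Review bot: CVE-2018-11205 had no NOTE before, so the HDFFV-10479 link becomes its only reference, and the commit message says these bug entries are not public. That leaves the entry without any reference a reader can open; if a public report exists, add it alongside, and once upstream publishes a fix, add the commit link the way the bitbucket.hdfgroup.org NOTE at the top of this hunk does.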



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9caffffbb08394762b687befe7e3bb6a175a9dc9
