[Git][security-tracker-team/security-tracker][master] 2 commits: hdf5: mark CVE-2019-9152 unfixed (i.o undetermined)

Hugo Lefeuvre hle at debian.org
Tue Mar 19 17:20:15 GMT 2019 

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b09efffd by Hugo Lefeuvre at 2019-03-19T17:15:33Z
hdf5: mark CVE-2019-9152 unfixed (i.o undetermined)

Reproduced issue on buster (1.10.4+repack-10) with valgrind and poc
from reporter.

- - - - -
d7c6dc9b by Hugo Lefeuvre at 2019-03-19T17:19:44Z
dla-needed: add hdf5 entry

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1758,7 +1758,7 @@ CVE-2019-9154
 CVE-2019-9153
 	RESERVED
 CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed>
 	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul8
 CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
 	- hdf5 <undetermined>


=====================================
data/dla-needed.txt
=====================================
@@ -30,6 +30,9 @@ firmware-nonfree (Emilio)
 --
 glib2.0
 --
+hdf5 (Hugo Lefeuvre)
+  NOTE: requires some prior triage, almost all cves undetermined.
+--
 imagemagick (Roberto C. Sánchez)
   NOTE: 20181227: We should address the many open issues in imagemagick either
   NOTE: by patching them separetely as we did in Wheezy or by updating to a



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b523c50686633de51ed21bd3168c4106ec3e4f4f...d7c6dc9bff4ece076ec630d963520ca6de62101d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b523c50686633de51ed21bd3168c4106ec3e4f4f...d7c6dc9bff4ece076ec630d963520ca6de62101d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190319/c86dffb3/attachment.html>

More information about the debian-security-tracker-commits mailing list