[Git][security-tracker-team/security-tracker][master] Three CVEs fixed for hdf5 in experimental

Salvatore Bonaccorso carnil at debian.org
Sat Mar 30 09:20:03 GMT 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b402017b by Salvatore Bonaccorso at 2019-03-30T09:19:13Z
Three CVEs fixed for hdf5 in experimental

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -33175,7 +33175,8 @@ CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
 CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
-	- hdf5 <undetermined>
+	[experimental] - hdf5 1.10.5+repack-1~exp1
+	- hdf5 <unfixed>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper
 CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ...)
 	- hdf5 <undetermined>
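Review bot: the new CVE-2018-17437 lines record a fixed version, `[experimental] - hdf5 1.10.5+repack-1~exp1`, but the entry's only NOTE still points at the reporter's PoC page, so nothing says which upstream change closes the leak in H5O_dtype_decode_helper(). Add a NOTE naming the upstream fix or stating how 1.10.5 was checked, so the `<unfixed>` status for unstable can be re-verified later.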
@@ -33184,7 +33185,8 @@ CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
 CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...)
-	- hdf5 <undetermined>
+	[experimental] - hdf5 1.10.5+repack-1~exp1
+	- hdf5 <unfixed>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters
 CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
 	- hdf5 <undetermined>
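Review bot: CVE-2018-17434 is marked fixed in experimental here, yet its NOTE links the same vuln4 page as CVE-2018-17438 in the first hunk, which is left at `- hdf5 <undetermined>`. If both divide-by-zero reports on that page were tested against 1.10.5+repack-1~exp1, update CVE-2018-17438 in the same commit; if only this one was, a short NOTE saying so would make the difference between the two entries explicit.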
@@ -33630,7 +33632,8 @@ CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache
 	- hdf5 <undetermined>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
 CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...)
-	- hdf5 <undetermined>
+	[experimental] - hdf5 1.10.5+repack-1~exp1
+	- hdf5 <unfixed>
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero
 CVE-2018-17232 (SQL injection vulnerability in archivebot.py in docmarionum1 Slack Arc ...)
 	NOT-FOR-US: docmarionum1 Slack ArchiveBot (slack-archive-bot)
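Review bot: the added `- hdf5 <unfixed>` line for CVE-2018-17233 carries no urgency annotation, and the entry's description is a SIGFPE raised in a chunk-mapping function. This line now marks unstable as affected, so state the assessed impact alongside it, either as an urgency tag on the `<unfixed>` line or as a NOTE, so that anyone triaging the unstable package can see whether it was judged a crash-only issue.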



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/b402017b1d66554c8189e84eb90d20cc0e2b7865
