[Git][security-tracker-team/security-tracker][master] dla-needed: update hdf5 entry
Hugo Lefeuvre
hle at debian.org
Sat May 11 09:34:03 BST 2019
Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0558563b by Hugo Lefeuvre at 2019-05-11T08:33:48Z
dla-needed: update hdf5 entry
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
@@ -34,11 +34,11 @@ ghostscript (Roberto C. Sánchez)
graphicsmagick (Hugo Lefeuvre)
--
hdf5 (Hugo Lefeuvre)
- NOTE: 20190430: requires some prior triage, almost all cves undetermined.
- NOTE: contacted hdf5 upstream, received information, currently updating the tracker.
- NOTE: CVE-2018-17432: Upstream claims to have fixed this in 1.10.5 (issue HDF-10590)
+ NOTE: CVE-2018-17432: upstream claims to have fixed this in 1.10.5 (issue HDF-10590)
NOTE: but not mentioned in release notes + no commit directly mentioning the issue
NOTE: -> ask them for more information.
+ NOTE: 20190511: upstream was not aware of our undetermined issues. They have assigned
+ NOTE: a Jira issue for this: https://jira.hdfgroup.org/browse/HDFFV-10755 (hle)
--
imagemagick (Hugo Lefeuvre, Markus Koschany)
NOTE: 20181227: We should address the many open issues in imagemagick either
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0558563bb4953cf918552a37197592f54745510f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0558563bb4953cf918552a37197592f54745510f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190511/58fb6cdd/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list