[Git][security-tracker-team/security-tracker][master] mark old hdf issues as unimportant
Moritz Muehlenhoff
jmm at debian.org
Tue Apr 20 19:43:28 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
701920f1 by Moritz Mühlenhoff at 2021-04-20T20:43:10+02:00
mark old hdf issues as unimportant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -169898,9 +169898,10 @@ CVE-2018-17441 (An issue was discovered on D-Link Central WiFi Manager before v
CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...)
NOT-FOR-US: D-Link
CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589
+ NOTE: Negligible security impact
CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ...)
- hdf5 1.10.6+repack-1 (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
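Review bot: the added `NOTE: Negligible security impact` on CVE-2018-17439 states a conclusion without a reason, while the existing reference describes a stack overflow in h5s_extent_get_dims. Suggest putting the reason in the NOTE (which component is affected and how it is reached), so the `(unimportant)` tag can be re-checked later without redoing the triage.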
@@ -169917,12 +169918,14 @@ CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtyp
NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc
+ NOTE: Negligible security impact
CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
+ NOTE: Negligible security impact
CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...)
- hdf5 1.10.6+repack-2 (low)
[buster] - hdf5 <no-dsa> (Minor issue)
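Review bot: CVE-2018-17436 and CVE-2018-17435 receive the same `(unimportant)` tag and the same one-line note, although the first is referenced as an invalid write in decompress.c and the second as a heap-based over-read in H5O_attr_decode() in H5Oattr.c. If the two do not share a rationale, each entry should carry its own reason in the NOTE.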
@@ -169933,9 +169936,10 @@ CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5r
NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377
CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10592
+ NOTE: Negligible security impact
CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...)
- hdf5 <unfixed> (unimportant)
[buster] - hdf5 <no-dsa> (Minor issue)
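Review bot: CVE-2018-17433 is described as a heap-based buffer overflow in ReadGifImageDesc() in gifread.c, and the new NOTE does not say why that is negligible. The entry already references HDFFV-10592; recording the upstream state of that issue next to the note would help, since `<unfixed>` gives no other cue for revisiting the entry.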
@@ -172625,8 +172629,9 @@ CVE-2018-16440
CVE-2018-16439
RESERVED
CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: H5L_extern_query at H5Lexternal.c:498-10___out-of-bounds-read
+ NOTE: Negligible security impact
CVE-2018-16437 (Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable ...)
NOT-FOR-US: Gxlcms
CVE-2018-16436 (Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an ...)
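Review bot: for CVE-2018-16438 the only supporting line is `NOTE: H5L_extern_query at H5Lexternal.c:498-10___out-of-bounds-read`, which is a bare fragment rather than a link, so the new "Negligible security impact" assessment cannot be checked from the entry. Suggest replacing the fragment with the full reference it came from, or adding the reason for the assessment to the new NOTE.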
@@ -174612,9 +174617,10 @@ CVE-2018-15673
CVE-2018-15672
REJECTED
CVE-2018-15671 (An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10557
+ NOTE: Negligible security impact
CVE-2018-15670 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
NOT-FOR-US: Bloop Airmail
CVE-2018-15669 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
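Review bot: on CVE-2018-15671 the change from `<undetermined>` to `<unfixed>` records the Debian package as affected, but nothing in the entry says which version was checked; the description only names HDF5 1.10.2. Suggest a NOTE with the version looked at or the current state of HDFFV-10557.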
@@ -177862,8 +177868,9 @@ CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
+ NOTE: Negligible security impact
CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
- libgig <unfixed> (unimportant; bug #931309)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
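Review bot: CVE-2018-14460 is moved to `<unfixed> (unimportant)` with only a PoC README as reference and no upstream issue, so there is nothing to tie a future fix back to this entry. The libgig entry in the trailing context records `bug #931309` inside the status; if an upstream or Debian bug exists for this one, adding it the same way would make the entry trackable.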
@@ -179039,19 +179046,23 @@ CVE-2018-14036 (Directory Traversal with ../ sequences occurs in AccountsService
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=107085
NOTE: https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/f9abd359f71a5bce421b9ae23432f539a067847a
CVE-2018-14035 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+ NOTE: Negligible security impact
CVE-2018-14034 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+ NOTE: Negligible security impact
CVE-2018-14033 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+ NOTE: Negligible security impact
CVE-2018-14032
REJECTED
CVE-2018-14031 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 <undetermined>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
+ NOTE: Negligible security impact
CVE-2018-14030
RESERVED
CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allo ...)
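Review bot: CVE-2018-14035, CVE-2018-14034, CVE-2018-14033 and CVE-2018-14031 all get the identical status and note and all point at the same README2.md, yet the truncated descriptions already differ ("There is a hea ..." versus "There is an ou ..."). If one common reason covers all four, state it once in the NOTE text; otherwise each entry needs its own reason so the blanket "Negligible security impact" is not the only record.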
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/701920f1075a4644989fb3f240920f01152a877a