[Git][security-tracker-team/security-tracker][master] hdf5 non issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 6 18:56:48 BST 2022 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1b5f175d by Moritz Muehlenhoff at 2022-07-06T19:56:16+02:00
hdf5 non issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -36231,17 +36231,20 @@ CVE-2021-46246
 CVE-2021-46245
 	RESERVED
 CVE-2021-46244 (A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed> (unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/1327
 	NOTE: https://github.com/advisories/GHSA-vrxh-5gxg-rmhm
+	NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
 CVE-2021-46243 (An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed> (unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/1326
 	NOTE: https://github.com/advisories/GHSA-2rqw-mg55-mp69
+	NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
 CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed> (unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/1329
 	NOTE: https://github.com/advisories/GHSA-x9pw-hh7v-wjpf
+	NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
 CVE-2021-46241
 	RESERVED
 CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
@@ -39339,26 +39342,30 @@ CVE-2021-45835 (The Online Admission System 1.0 allows an unauthenticated attack
 CVE-2021-45834 (An attacker can upload or transfer files of dangerous types to the Ope ...)
 	NOT-FOR-US: OpenDocMan
 CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed> (unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/1313
 	NOTE: https://github.com/advisories/GHSA-x57p-jwp6-4v79
+	NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
 CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed> (unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/1315
 	NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8
+	NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
 CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
 	- gpac 2.0.0+dfsg1-2
 	[stretch] - gpac <end-of-life> (No longer supported in LTS)
 	NOTE: https://github.com/gpac/gpac/issues/1990
 	NOTE: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765 (v2.0.0)
 CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed> (unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/1314
 	NOTE: https://github.com/advisories/GHSA-5h2h-fjjr-x9m2
+	NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
 CVE-2021-45829 (HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...)
-	- hdf5 <undetermined>
+	- hdf5 <unfixed> (unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/1317
 	NOTE: https://github.com/advisories/GHSA-23gx-cm6v-952g
+	NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
 CVE-2021-45828
 	RESERVED
 CVE-2021-45827



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b5f175d7ef0a72c2078f869c28b9f67f9f51dc9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b5f175d7ef0a72c2078f869c28b9f67f9f51dc9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220706/c4cc92d4/attachment.htm>

More information about the debian-security-tracker-commits mailing list