[Git][security-tracker-team/security-tracker][master] Adjust version with first 1.10.8 based version hitting unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 6 19:53:32 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b720cba by Salvatore Bonaccorso at 2023-05-06T20:52:57+02:00
Adjust version with first 1.10.8 based version hitting unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -233922,14 +233922,14 @@ CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer d
NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/
NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
NOTE: https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/
NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
NOTE: Fixed in 1.10.x-series in 1.10.8 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
NOTE: Duplicate of CVE-2018-14033
CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/
NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
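Review bot: the replacement value on the CVE-2020-10811 and CVE-2020-10810 lines sorts lower than the one it replaces. Under dpkg version ordering `1.10.8+repack-1` is earlier than `1.10.8+repack1-1`, so any hdf5 version between the two changes from vulnerable to fixed in the tracker. The commit message says this is the first 1.10.8 based version in unstable; it would help if it also said why `+repack1-1` had been recorded, so the lowered threshold can be checked against the upload history.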
@@ -324518,7 +324518,7 @@ CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 librar
NOTE: Negligible security impact
NOTE: Fixed in 1.10.x-series in 1.10.10 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006
CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
NOTE: Negligible security impact
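Review bot: the CVE-2018-17435 entry has no visible NOTE naming the upstream release that fixed H5O_attr_decode(), while the entry just above it cites the 1.10.10 newsletter for its fix. Since the fixed version is being lowered here, consider adding a "Fixed in 1.10.x-series in ..." NOTE with the upstream reference so that 1.10.8 is backed by something in the entry itself.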
@@ -324539,7 +324539,7 @@ CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c
NOTE: Negligible security impact
NOTE: Fixed in 1.10.x-series in 1.10.10 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006
CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
[buster] - hdf5 <no-dsa> (Minor issue)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <ignored> (Minor issue)
@@ -332472,7 +332472,7 @@ CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
NOTE: Negligible security impact
NOTE: Fixed in 1.10.x-series in 1.10.8 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
@@ -333660,7 +333660,7 @@ CVE-2018-14034 (An issue was discovered in the HDF HDF5 1.8.20 library. There is
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
NOTE: Negligible security impact
CVE-2018-14033 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
NOTE: Negligible security impact
NOTE: Fixed in 1.10.x-series in 1.10.8 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
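Review bot: the lines shown for CVE-2018-14033 carry no cross-reference to CVE-2020-10811, although the CVE-2020-10811 entry earlier in this patch is annotated "Duplicate of CVE-2018-14033". Both now get the same fixed version, which is consistent; a matching NOTE on this side would keep the pair from drifting apart in a later edit.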
@@ -334029,12 +334029,12 @@ CVE-2018-13871 (An issue was discovered in the HDF HDF5 1.8.20 library. There is
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
NOTE: Negligible HDF crash, never properly reported upstrem
CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
NOTE: Fixed for 1.10.x in 1.10.7: https://forum.hdfgroup.org/t/release-of-hdf5-1-10-7-newsletter-175-the-hdf-group/7511
CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a mem ...)
- - hdf5 1.10.8+repack1-1 (unimportant)
+ - hdf5 1.10.8+repack-1 (unimportant)
NOTE: Negligible HDF crash, never properly reported upstrem
NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
NOTE: Fixed for 1.10.x in 1.10.7: https://forum.hdfgroup.org/t/release-of-hdf5-1-10-7-newsletter-175-the-hdf-group/7511
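Review bot: for CVE-2018-13870 and CVE-2018-13869 the NOTE says the fix landed in 1.10.7, while the fixed version recorded is `1.10.8+repack-1`. If that is because no 1.10.7 based upload reached unstable, a short NOTE saying so would explain the gap. The wording also differs from the other entries ("Fixed for 1.10.x in" here, "Fixed in 1.10.x-series in" elsewhere), which makes the notes harder to grep uniformly.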
@@ -341286,7 +341286,7 @@ CVE-2018-11207 (A division by zero was discovered in H5D__chunk_init in H5Dchunk
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10481
NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107
CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode and H5O_fi ...)
- - hdf5 1.10.8+repack1-1 (low)
+ - hdf5 1.10.8+repack-1 (low)
[stretch] - hdf5 <no-dsa> (Minor issue)
[jessie] - hdf5 <no-dsa> (Minor issue)
[wheezy] - hdf5 <no-dsa> (Minor issue)
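Review bot: CVE-2018-11206 is the one entry in this patch tagged (low) rather than (unimportant), so on this line the fixed version decides whether unstable and testing are reported as affected. It is worth checking this entry separately against the changelog of the 1.10.8+repack-1 upload rather than relying on the bulk substitution.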
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b720cbad121e906deacf427c8503606e1655bdb