[Git][security-tracker-team/security-tracker][master] Correct hdf5 version for issues which were fixed in 1.10.7 upstream

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 6 19:59:32 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84eec608 by Salvatore Bonaccorso at 2023-05-06T20:58:28+02:00
Correct hdf5 version for issues which were fixed in 1.10.7 upstream

Note please pinpoint the first version in unstable which contains a fix.
This was 1.10.7+repack-1 for the 1.10.7 version upstream.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -324518,7 +324518,7 @@ CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 librar
 	NOTE: Negligible security impact
 	NOTE: Fixed in 1.10.x-series in 1.10.10 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006
 CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...)
-	- hdf5 1.10.8+repack-1 (unimportant)
+	- hdf5 1.10.7+repack-1 (unimportant)
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode
 	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591
 	NOTE: Negligible security impact
@@ -334029,12 +334029,12 @@ CVE-2018-13871 (An issue was discovered in the HDF HDF5 1.8.20 library. There is
 	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
 	NOTE: Negligible HDF crash, never properly reported upstrem
 CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
-	- hdf5 1.10.8+repack-1 (unimportant)
+	- hdf5 1.10.7+repack-1 (unimportant)
 	NOTE: Negligible HDF crash, never properly reported upstrem
 	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
 	NOTE: Fixed for 1.10.x in 1.10.7: https://forum.hdfgroup.org/t/release-of-hdf5-1-10-7-newsletter-175-the-hdf-group/7511
 CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a mem ...)
-	- hdf5 1.10.8+repack-1 (unimportant)
+	- hdf5 1.10.7+repack-1 (unimportant)
 	NOTE: Negligible HDF crash, never properly reported upstrem
 	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
 	NOTE: Fixed for 1.10.x in 1.10.7: https://forum.hdfgroup.org/t/release-of-hdf5-1-10-7-newsletter-175-the-hdf-group/7511



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84eec608808b766592767e9470122e07cb099ac7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84eec608808b766592767e9470122e07cb099ac7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230506/744e2196/attachment.htm>

More information about the debian-security-tracker-commits mailing list