[Git][security-tracker-team/security-tracker][master] more hdf5 fixes in sid, based on BTS bug closures

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f4f57df by Moritz Mühlenhoff at 2024-12-27T17:37:35+01:00
more hdf5 fixes in sid, based on BTS bug closures

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -227817,23 +227817,26 @@ CVE-2022-26892
 CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2022-26061 (A heap-based buffer overflow vulnerability exists in the gif2h5 functi ...)
-	- hdf5 <unfixed> (bug #1031726)
+	- hdf5 1.10.10+repack-1 (bug #1031726)
 	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487
+	NOTE: Starting with 1.10.10+repack-1 gif2h5 and h52gif are no longer installed
 CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5 functionalit ...)
-	- hdf5 <unfixed> (bug #1031726)
+	- hdf5 1.10.10+repack-1 (bug #1031726)
 	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485
+	NOTE: Starting with 1.10.10+repack-1 gif2h5 and h52gif are no longer installed
 CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5 functionality ...)
-	- hdf5 <unfixed> (bug #1031726)
+	- hdf5 1.10.10+repack-1 (bug #1031726)
 	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486
+	NOTE: Starting with 1.10.10+repack-1 gif2h5 and h52gif are no longer installed
 CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...)
 	NOT-FOR-US: livehelperchat
 CVE-2022-26886
@@ -432564,7 +432567,7 @@ CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oa
 CVE-2019-8399
 	RESERVED
 CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
-	- hdf5 <unfixed> (bug #1034838)
+	- hdf5 1.14.5+repack-1 (bug #1034838)
 	[bookworm] - hdf5 <no-dsa> (Minor issue)
 	[bullseye] - hdf5 <no-dsa> (Minor issue)
 	[buster] - hdf5 <no-dsa> (Minor issue)
@@ -477884,7 +477887,7 @@ CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode and
 	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
 	NOTE: Fixed in 1.10.x-series in 1.10.8 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
 CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the  ...)
-	- hdf5 <unfixed> (bug #1034807)
+	- hdf5 1.14.5+repack-1 (bug #1034807)
 	[bookworm] - hdf5 <no-dsa> (Minor issue)
 	[bullseye] - hdf5 <no-dsa> (Minor issue)
 	[buster] - hdf5 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f4f57df0a90009dedf109881dff47562e529218

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f4f57df0a90009dedf109881dff47562e529218
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241227/d52b268f/attachment.htm>