[Git][security-tracker-team/security-tracker][master] dla: drop hdf5 (limited support)

Fri Jan 2 20:51:48 GMT 2026


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
742ebe38 by Sylvain Beucler at 2026-01-02T21:51:44+01:00
dla: drop hdf5 (limited support)

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -167,23 +167,6 @@ guix
   NOTE: 20250707: Added by Front-Desk (apo)
   NOTE: 20251011: Proposed for EOL: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/262
 --
-hdf5
-  NOTE: 20250410: Added by Front-Desk (Beuc)
-  NOTE: 20250410: >50 CVEs piled-up during stable/oldstable/lts (Beuc/front-desk)
-  NOTE: 20250414: Most CVEs don't have identified patches, upstream makes no effort at
-  NOTE: 20250414: identifying CVEs, and merges huge changesets from develop to
-  NOTE: 20250414: stable branches in single commits. They have reproducers though at:
-  NOTE: 20250414: https://github.com/HDFGroup/cve_hdf5/
-  NOTE: 20251014: Proposed limited security support in #1117607 (jspricke)
-  NOTE: 20251014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117607
-  NOTE: 20251107: Please fix what can be reasonably fixed, and add a README.Debian as requested in #1117607 (Beuc/front-desk)
-  NOTE: 20251107: d-s-s entry proposed (jspricke)
-  NOTE: 20251107: https://salsa.debian.org/debian/debian-security-support/-/merge_requests/52
-  NOTE: 20251128: README.Debian proposed
-  NOTE: 20251128: https://lists.debian.org/debian-lts/2025/11/msg00022.html
-  NOTE: 20251128: A priori there are no current CVEs to fix within the new limited support status,
-  NOTE: 20251128: so let's drop this when the d-s-s MR is merged. (Beuc)
---
 jackson-core (Markus Koschany)
   NOTE: 20250707: Added by Front-Desk (apo)
   NOTE: 20251016: A single patch is not possible to apply to fix the CVE. I'm working on backporting more than one.
@@ -242,7 +225,6 @@ libsoup2.4
   NOTE: 20251209: Remaining open CVEs need upstream work and then revisited,
   NOTE: 20251209: possibly also look into wip by spwitton, thus unclaiming
   NOTE: 20251209: rather than removing this entry. (ah)
-
 --
 libstb (abhijith)
   NOTE: 20251206: Added by Front-Desk (rouca)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/742ebe38c0c6c4ab8ccedc06d74e0e7ce372d56c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/742ebe38c0c6c4ab8ccedc06d74e0e7ce372d56c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260102/121b1687/attachment-0001.htm>
