[Git][security-tracker-team/security-tracker][master] first batch of HDF cleanups now that 12.13 and 13.3 are out

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jan 19 15:36:31 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
89c17896 by Moritz Muehlenhoff at 2026-01-19T16:35:54+01:00
first batch of HDF cleanups now that 12.13 and 13.3 are out

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -70518,13 +70518,11 @@ CVE-2025-1735 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* b
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-hrwm-9436-5mv3
 	NOTE: Fixed by: https://github.com/php/php-src/commit/9376aeef9f8ff81f2705b8016237ec3e30bdee44 (php-8.1.33)
 CVE-2025-7067 (A vulnerability classified as problematic was found in HDF5 1.14.6. Th ...)
-	- hdf5 <unfixed> (bug #1108886)
-	[trixie] - hdf5 <no-dsa> (Minor issue)
-	[bookworm] - hdf5 <no-dsa> (Minor issue)
-	[bullseye] - hdf5 <postponed> (Minor issue)
+	- hdf5 <unfixed> (bug #1108886; unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5577
 	NOTE: https://github.com/HDFGroup/hdf5/pull/5815
 	NOTE: https://github.com/HDFGroup/hdf5/commit/ea4b483d981b1c73ba2b8185c544565e4b05ae0e
+	NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
 CVE-2025-7066 (Jirafeau normally prevents browser preview for text files due to the p ...)
 	NOT-FOR-US: Jirafeau
 CVE-2025-7061 (A vulnerability was found in Intelbras InControl up to 2.21.60.9. It h ...)
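Review bot: The NOTE added under CVE-2025-7067 calls the project "HDF", while the package line it explains reads `- hdf5 <unfixed>`. Writing "hdf5 not covered by security support" would let a search of data/CVE/list for the source package name find the rationale too. The same wording recurs in every later hunk.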
@@ -72388,13 +72386,11 @@ CVE-2025-1991 (IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a re
 CVE-2025-53391 (The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zu ...)
 	- zulucrypt <unfixed> (bug #1108288)
 CVE-2025-6816 (A vulnerability classified as problematic was found in HDF5 1.14.6. Th ...)
-	- hdf5 <unfixed> (bug #1108482)
-	[trixie] - hdf5 <no-dsa> (Minor issue)
-	[bookworm] - hdf5 <no-dsa> (Minor issue)
-	[bullseye] - hdf5 <postponed> (Minor issue)
+	- hdf5 <unfixed> (bug #1108482; unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5571
 	NOTE: https://github.com/HDFGroup/hdf5/pull/5829
 	NOTE: https://github.com/HDFGroup/hdf5/commit/29c847a43db0cdc85b01cafa5a7613ea73932675
+	NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
 CVE-2025-6778 (A vulnerability, which was classified as problematic, was found in cod ...)
 	NOT-FOR-US: code-projects
 CVE-2025-6777 (A vulnerability, which was classified as critical, has been found in c ...)
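Review bot: The removal under CVE-2025-6816 also drops `[bullseye] - hdf5 <postponed> (Minor issue)`, but the commit message motivates the cleanup only with 12.13 and 13.3. A sentence in the commit message saying that the `unimportant` marking on the `<unfixed>` line replaces the per-release annotations for all three suites would make the history self-explanatory.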
@@ -72832,13 +72828,11 @@ CVE-2025-6752 (A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7
 CVE-2025-6751 (A vulnerability, which was classified as critical, was found in Linksy ...)
 	NOT-FOR-US: Linksys
 CVE-2025-6750 (A vulnerability, which was classified as problematic, has been found i ...)
-	- hdf5 <unfixed> (bug #1108409)
-	[trixie] - hdf5 <no-dsa> (Minor issue)
-	[bookworm] - hdf5 <no-dsa> (Minor issue)
-	[bullseye] - hdf5 <postponed> (Minor issue)
+	- hdf5 <unfixed> (bug #1108409; unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5549
 	NOTE: https://github.com/HDFGroup/hdf5/pull/5856
 	NOTE: https://github.com/HDFGroup/hdf5/commit/86149a098837a37b2513746e9baf84010f75fb54
+	NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
 CVE-2025-6749 (A vulnerability classified as critical was found in huija bicycleShari ...)
 	NOT-FOR-US: bicycleSharingServer
 CVE-2025-6748 (A vulnerability classified as problematic has been found in Bharti Air ...)
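Review bot: Style point on the NOTE added under CVE-2025-6750: it spells out the long `cgi-bin/bugreport.cgi?bug=1117722` URL, and that string is repeated for every HDF5 entry in this commit. The short form `https://bugs.debian.org/1117722` resolves to the same report and keeps the repeated line easier to read.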
@@ -102475,37 +102469,29 @@ CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming lang
 	NOTE: https://github.com/erlang/otp/commit/d64d9fb0688092356a336e38a8717499113312a0 (OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
 	NOTE: https://github.com/erlang/otp/commit/5ee26eb412a76ba1c6afdf4524b62939a48d1bce (OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
 CVE-2025-2926 (A vulnerability was found in HDF5 up to 1.14.6 and classified as probl ...)
-	- hdf5 <unfixed> (bug #1103531)
-	[trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+	- hdf5 <unfixed> (bug #1103531; unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5384
 	NOTE: https://github.com/HDFGroup/hdf5/pull/5841
 	NOTE: https://github.com/HDFGroup/hdf5/commit/d37b537ff256f0fa65cb4f82b20f286ad9a2e1e2
+	NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
 CVE-2025-2925 (A vulnerability has been found in HDF5 up to 1.14.6 and classified as  ...)
-	- hdf5 <unfixed> (bug #1103532)
-	[trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+	- hdf5 <unfixed> (bug #1103532; unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5383
 	NOTE: https://github.com/HDFGroup/hdf5/pull/5739
 	NOTE: https://github.com/HDFGroup/hdf5/commit/4310c19608455c17a213383d07715efb2918defc
+	NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
 CVE-2025-2924 (A vulnerability, which was classified as problematic, was found in HDF ...)
-	- hdf5 <unfixed> (bug #1103533)
-	[trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+	- hdf5 <unfixed> (bug #1103533; unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5382
 	NOTE: https://github.com/HDFGroup/hdf5/pull/5814
 	NOTE: https://github.com/HDFGroup/hdf5/commit/0a57195ca67d278f1cf7d01566c121048e337a59
+	NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
 CVE-2025-2923 (A vulnerability, which was classified as problematic, has been found i ...)
-	- hdf5 <unfixed> (bug #1103534)
-	[trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+	- hdf5 <unfixed> (bug #1103534; unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5381
 	NOTE: https://github.com/HDFGroup/hdf5/pull/5829
 	NOTE: https://github.com/HDFGroup/hdf5/commit/29c847a43db0cdc85b01cafa5a7613ea73932675
+	NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
 CVE-2025-2922 (A vulnerability classified as problematic was found in Netis WF-2404 1 ...)
 	NOT-FOR-US: Netis
 CVE-2025-2921 (A vulnerability classified as critical has been found in Netis WF-2404 ...)
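Review bot: CVE-2025-2923 in this hunk lists pull/5829 and commit 29c847a43db0cdc85b01cafa5a7613ea73932675, the same pair shown under CVE-2025-6816 earlier in this diff. If one upstream change really addresses both reports that is fine, but since both entries are being edited here it is worth confirming the reference was not copied across, and saying so in a NOTE. Separately, the four removed annotation sets in this hunk said "revisit when fixed upstream" while the context lines already carry upstream commits, so the new `unimportant` line is now the only place recording that Debian will not act on them.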
@@ -102519,18 +102505,15 @@ CVE-2025-2917 (A vulnerability, which was classified as problematic, was found i
 CVE-2025-2916 (A vulnerability, which was classified as critical, has been found in A ...)
 	NOT-FOR-US: Aishida Call Center System
 CVE-2025-2915 (A vulnerability classified as problematic was found in HDF5 up to 1.14 ...)
-	- hdf5 <unfixed> (bug #1103536)
-	[trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+	- hdf5 <unfixed> (bug #1103536; unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5380
+	NOTE: https://github.com/HDFGroup/hdf5/commit/26a76bafdef3a0950d348a08667de161a19b7c2c
+	NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
 CVE-2025-2914 (A vulnerability classified as problematic has been found in HDF5 up to ...)
-	- hdf5 <unfixed> (bug #1103537)
-	[trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+	- hdf5 <unfixed> (bug #1103537; unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5379
 	NOTE: https://github.com/HDFGroup/hdf5/pull/5722
+	NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
 CVE-2025-2913 (A vulnerability was found in HDF5 up to 1.14.6. It has been rated as c ...)
 	- hdf5 <unfixed> (bug #1103538)
 	[trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
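Review bot: CVE-2025-2914 gets the support NOTE but no upstream commit reference, whereas CVE-2025-2915 directly above gains commit 26a76bafdef3a0950d348a08667de161a19b7c2c in the same hunk. If pull/5722 has been merged, adding its commit as a NOTE would bring the entry in line with its siblings. Conversely, CVE-2025-2915 now has a commit but no pull link. The trailing context also shows CVE-2025-2913 still carrying `<unfixed> (bug #1103538)` with a `[trixie] ... <postponed>` line, which presumably belongs to a later batch given the "first batch" wording.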



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89c17896cc0dd39f4a318bb39ceca8dcb499e66e