[Git][security-tracker-team/security-tracker][master] more HDF updates
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jan 19 17:26:56 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76c57bcd by Moritz Muehlenhoff at 2026-01-19T18:25:53+01:00
more HDF updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -102516,21 +102516,18 @@ CVE-2025-2914 (A vulnerability classified as problematic has been found in HDF5
- hdf5 <unfixed> (bug #1103537; unimportant)
NOTE: https://github.com/HDFGroup/hdf5/issues/5379
NOTE: https://github.com/HDFGroup/hdf5/pull/5722
+ NOTE: https://github.com/HDFGroup/hdf5/commit/804f3bace997e416917b235dbd3beac3652a8a05
NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2025-2913 (A vulnerability was found in HDF5 up to 1.14.6. It has been rated as c ...)
- - hdf5 <unfixed> (bug #1103538)
- [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ - hdf5 <unfixed> (bug #1103538; unimportant)
NOTE: https://github.com/HDFGroup/hdf5/issues/5376
NOTE: https://github.com/HDFGroup/hdf5/commit/d37b537ff256f0fa65cb4f82b20f286ad9a2e1e2
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2025-2912 (A vulnerability was found in HDF5 up to 1.14.6. It has been declared a ...)
- - hdf5 <unfixed> (bug #1103539)
- [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ - hdf5 <unfixed> (bug #1103539; unimportant)
NOTE: https://github.com/HDFGroup/hdf5/issues/5370
NOTE: Fixed by: https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a09c892bc97ac32d9515c3777ce07 (2.0.0)
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2025-2911 (Unauthorised access to the call forwarding service system in MeetMe pr ...)
NOT-FOR-US: MeetMe
CVE-2025-2910 (User enumeration in the password reset module of the MeetMe authentica ...)
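Review bot: The NOTE added for CVE-2025-2914 is a bare commit URL, while the CVE-2025-2912 entry in the same hunk uses the form "NOTE: Fixed by: <commit> (2.0.0)". If 804f3bace997 is the upstream fix, label it "Fixed by:" and give the upstream release in parentheses, so a reader can tell it apart from the issue and pull request links listed above it.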
@@ -106846,23 +106843,17 @@ CVE-2025-2325 (The WP Test Email plugin for WordPress is vulnerable to Stored Cr
CVE-2025-2320 (A vulnerability has been found in 274056675 springboot-openai-chatgpt ...)
NOT-FOR-US: springboot-openai-chatgpt
CVE-2025-2310 (A vulnerability was found in HDF5 1.14.6 and classified as critical. T ...)
- - hdf5 <unfixed> (bug #1103540)
- [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ - hdf5 <unfixed> (bug #1103540; unimportant)
NOTE: https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc4.md
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2025-2309 (A vulnerability has been found in HDF5 1.14.6 and classified as critic ...)
- - hdf5 <unfixed> (bug #1103541)
- [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ - hdf5 <unfixed> (bug #1103541; unimportant)
NOTE: https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2025-2308 (A vulnerability, which was classified as critical, was found in HDF5 1 ...)
- - hdf5 <unfixed> (bug #1103542)
- [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ - hdf5 <unfixed> (bug #1103542; unimportant)
NOTE: https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc2.md
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2025-2295 (EDK2 contains a vulnerability in BIOS where a user may cause an Intege ...)
- edk2 2025.02-4 (bug #1100594)
[bookworm] - edk2 <no-dsa> (Minor issue)
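Review bot: For CVE-2025-2310, CVE-2025-2309 and CVE-2025-2308 the removed [trixie], [bookworm] and [bullseye] lines carried the "revisit when fixed upstream" reminder, and the only reference left on each entry is a third-party crash report (hdf5_poc4.md, hdf5_poc3.md, hdf5_poc2.md). Since the entries remain <unfixed>, consider adding the upstream issue or fix commit as a NOTE once one is known, as the other HDF5 entries in this commit have, so the fixed version can be filled in later.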
@@ -108375,13 +108366,11 @@ CVE-2025-1828 (Crypt::Random Perl package 1.05 through 1.55 may use rand() funct
NOTE: Fixed by: https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05 (1.55)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/27835115/
CVE-2025-2153 (A vulnerability, which was classified as critical, was found in HDF5 1 ...)
- - hdf5 <unfixed> (bug #1100440)
- [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ - hdf5 <unfixed> (bug #1100440; unimportant)
NOTE: https://github.com/HDFGroup/hdf5/issues/5329
NOTE: https://github.com/HDFGroup/hdf5/pull/5795
NOTE: https://github.com/HDFGroup/hdf5/commit/38954615fc079538aa45d48097625a6d76aceef0
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2025-2152 (A vulnerability, which was classified as critical, has been found in O ...)
- assimp 6.0.2+ds-1 (bug #1100438)
[trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
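Review bot: CVE-2025-2153 stays at <unfixed> although the entry already lists an upstream pull request and the commit 38954615fc07, and neither is marked as the fix. Suggest changing the commit line to "NOTE: Fixed by: ..." with the upstream release in parentheses, matching the CVE-2025-2912 entry, so the entry documents which upstream version resolves it.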
@@ -197020,30 +197009,25 @@ CVE-2024-34200 (TOTOLINK CPE CP450 v4.1.0cu.747_B20191224 was discovered to cont
CVE-2024-34074 (Frappe is a full-stack web application framework. Prior to 15.26.0 and ...)
NOT-FOR-US: Frappe Framework
CVE-2024-33877 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__c ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-33876 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_d ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-33875 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__l ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-33874 (HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_n ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-33873 (HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__s ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-33454 (Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacke ...)
NOT-FOR-US: esp-idf
CVE-2024-32874 (Frigate is a network video recorder (NVR) with realtime local object d ...)
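Review bot: The "unimportant" tag added to the package line of CVE-2024-33877 through CVE-2024-33873 gives no reason by itself, and these entries describe heap buffer overflows; the rationale only follows from the NOTE added two lines below. Consider wording that NOTE so it states the link explicitly, for example "NOTE: Marked unimportant, HDF not covered by security support, see ...", because the [bookworm] and [bullseye] <no-dsa> lines that previously recorded the triage decision are removed.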
@@ -197071,35 +197055,29 @@ CVE-2024-32655 (Npgsql is the .NET data provider for PostgreSQL. The `WriteBind(
NOTE: https://github.com/npgsql/npgsql/security/advisories/GHSA-x9vc-6hfv-hg8c
NOTE: https://github.com/npgsql/npgsql/commit/f7e7ead0702d776a8f551f5786c4cac2d65c4bc6
CVE-2024-32624 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-32623 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-32622 (HDF5 Library through 1.14.3 contains a out-of-bounds read operation in ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-32621 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-32620 (HDF5 Library through 1.14.3 contains a heap-based buffer over-read in ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-32619 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-32618 (HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H ...)
- hdf5 1.14.5+repack-1 (bug #1070861)
[bookworm] - hdf5 <no-dsa> (Minor issue)
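Review bot: CVE-2024-32618 in the trailing context still reads "- hdf5 1.14.5+repack-1 (bug #1070861)" with a "[bookworm] - hdf5 <no-dsa> (Minor issue)" line, while CVE-2024-32624 through CVE-2024-32619 directly above it, filed under the same bug, are converted to "unimportant". Within the lines shown here that leaves the entries under bug #1070861 in two different states; please check that CVE-2024-32618 and any further entries under that bug receive the same change and NOTE.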
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76c57bcd2f451b401dd4724e1e94c66c95684d0c