[Git][security-tracker-team/security-tracker][master] final batch of hdf5 updates
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jan 21 14:12:30 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7905ccb6 by Moritz Muehlenhoff at 2026-01-21T15:11:58+01:00
final batch of hdf5 updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -197964,55 +197964,45 @@ CVE-2024-2290 (The Advanced Ads plugin for WordPress is vulnerable to PHP Object
CVE-2024-29800 (Deserialization of Untrusted Data vulnerability in Timber Team & Contr ...)
NOT-FOR-US: Timber
CVE-2024-29166 (HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, r ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-29165 (HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-29164 (HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_he ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-29163 (HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-29162 (HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-29161 (HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_relea ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-29160 (HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_hea ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-29159 (HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoff ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-29158 (HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_mallo ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-29157 (HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resu ...)
- - hdf5 1.14.5+repack-1 (bug #1070861)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1070861; unimportant)
NOTE: https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2024-28075 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
NOT-FOR-US: SolarWinds
CVE-2024-24157 (Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea ...)
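Review bot: The added NOTE on each of the ten CVE-2024-2915x/2916x entries says "HDF not covered by security support", while every package line in the hunk names the source package as "hdf5"; writing "hdf5 not covered by security support" would let a search for the package name find the rationale. The entries are described as heap and stack buffer overflows and are now marked "unimportant" with the bookworm and bullseye "<no-dsa>" lines removed, so the only justification left in the file is the link to bug #1117722. A few words in the NOTE saying why support was dropped would keep the entry understandable without following the URL.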
@@ -362618,26 +362608,23 @@ CVE-2022-26892
CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2022-26061 (A heap-based buffer overflow vulnerability exists in the gif2h5 functi ...)
- - hdf5 1.10.10+repack-1 (bug #1031726)
- [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ - hdf5 1.10.10+repack-1 (bug #1031726; unimportant)
[buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487
NOTE: Starting with 1.10.10+repack-1 gif2h5 and h52gif are no longer installed
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5 functionalit ...)
- - hdf5 1.10.10+repack-1 (bug #1031726)
- [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ - hdf5 1.10.10+repack-1 (bug #1031726; unimportant)
[buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485
NOTE: Starting with 1.10.10+repack-1 gif2h5 and h52gif are no longer installed
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5 functionality ...)
- - hdf5 1.10.10+repack-1 (bug #1031726)
- [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
- [bullseye] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ - hdf5 1.10.10+repack-1 (bug #1031726; unimportant)
[buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486
NOTE: Starting with 1.10.10+repack-1 gif2h5 and h52gif are no longer installed
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...)
NOT-FOR-US: livehelperchat
CVE-2022-26886
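Review bot: Under CVE-2022-26061, CVE-2022-25972 and CVE-2022-25942 the "[buster] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)" line is kept while the matching bookworm and bullseye lines are removed. With the main line now "unimportant", a per-release "postponed ... revisit" state reads as a second, still open triage decision for the same package. If the buster line is kept on purpose as a historical record, that is fine; otherwise drop it together with the other two so the entry carries one status.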
@@ -567439,12 +567426,11 @@ CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oa
CVE-2019-8399
RESERVED
CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- - hdf5 1.14.5+repack-1 (bug #1034838)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1034838; unimportant)
[buster] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
- hdf5 <unfixed> (unimportant)
[buster] - hdf5 <no-dsa> (Minor issue)
@@ -567454,14 +567440,13 @@ CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is
NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10711
NOTE: Negligible security impact, malicous scientific data has more issues than a crash
CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...)
- - hdf5 1.14.5+repack-1 (bug #1034838)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
- [bullseye] - hdf5 <no-dsa> (Minor issue)
+ - hdf5 1.14.5+repack-1 (bug #1034838; unimportant)
[buster] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
NOTE: https://jira.hdfgroup.org/browse/HDFFV-10712
NOTE: HDFFV-10712 is marked to be closed in a future 1.10.8 upstream release.
NOTE: Upstream fix was made in May 2021 after the 1.12.0 release (Mar 2020)
+ NOTE: HDF not covered by security support, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
CVE-2019-8395 (An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoh ...)
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-8394 (Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allow ...)
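Review bot: CVE-2019-8397, whose notes appear as context at the top of this hunk, sits between two entries that gain the bug #1117722 NOTE but does not get it itself; its notes still end with "Negligible security impact, ...". Since that entry is already "unimportant" for the same package, adding the same NOTE there would give all hdf5 entries in this block one consistent justification. While touching the area, the typo "malicous" in that context line could be corrected to "malicious".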
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7905ccb60a38a3d5fe29b8a79a030f43347acfb2