[Git][debian-gis-team/hdf5][master] 2 commits: Acknowledging fixed CVE in 1.10.2 and 1.10.3

Thu Dec 13 21:20:09 GMT 2018

Gilles Filippini pushed to branch master at Debian GIS Project / hdf5


Commits:
846ec404 by Gilles Filippini at 2018-12-13T21:15:38Z
Acknowledging fixed CVE in 1.10.2 and 1.10.3

- - - - -
4b89a1d7 by Gilles Filippini at 2018-12-13T21:19:54Z
Drop transitional package libhdf5-serial-dev

- - - - -


3 changed files:

- debian/changelog
- debian/control
- debian/control.in


Changes:

=====================================
debian/changelog
=====================================
@@ -1,3 +1,27 @@
+hdf5 (1.10.4+repack-2) UNRELEASED; urgency=medium
+
+  * Drop transitional package libhdf5-serial-dev (closes: #878535)
+
+  * Acknowledging fixed CVE in previous releases:
+    - Fixed in upstream release 1.10.2 (closes: #884365):
+      . CVE-2017-17505: NULL pointer dereference in function H5O_pline_decod
+      . CVE-2017-17506: out of bounds read vulnerability in function
+                        H5Opline_pline_decode
+      . CVE-2017-17508: divide-by-zero vulnerability in function H5T_set_loc
+      . CVE-2017-17509: out of bounds write vulnerability in function
+                        H5G__ent_decode_vec
+    - Fixed in upstream release 1.10.3:
+      . CVE-2018-11202: NULL pointer dereference in function
+                        H5S_hyper_make_spans
+      . CVE-2018-11203: division by zero in function H5D__btree_decode_key
+      . CVE-2018-11204: NULL pointer dereference in function
+                        H5O__chunk_deserialize
+      . CVE-2018-11206: out of bound read in functions H5O_fill_new_decode
+                        and H5O_fill_old_decode
+      . CVE-2018-11207: division by zero in function H5D__chunk_init
+
+ -- Gilles Filippini <pini at debian.org>  Thu, 06 Dec 2018 22:43:08 +0100
+
 hdf5 (1.10.4+repack-1) unstable; urgency=medium
 
   * Upload to unstable


=====================================
debian/control
=====================================
@@ -211,15 +211,6 @@ Description: Hierarchical Data Format 5 (HDF5) - Runtime tools
  .
  This package contains runtime tools for HDF5.
 
-Package: libhdf5-serial-dev
-Architecture: all
-Section: oldlibs
-Depends: libhdf5-dev,
-         ${misc:Depends}
-Description: transitional dummy package
- This package is a transitionnal package from libhdf5-serial-dev to
- libhdf5-dev. It can safely be removed.
-
 Package: libhdf5-java
 Architecture: all
 Section: java


=====================================
debian/control.in
=====================================
@@ -211,15 +211,6 @@ Description: Hierarchical Data Format 5 (HDF5) - Runtime tools
  .
  This package contains runtime tools for HDF5.
 
-Package: libhdf5-serial-dev
-Architecture: all
-Section: oldlibs
-Depends: libhdf5-dev,
-         ${misc:Depends}
-Description: transitional dummy package
- This package is a transitionnal package from libhdf5-serial-dev to
- libhdf5-dev. It can safely be removed.
-
 Package: libhdf5-java
 Architecture: all
 Section: java



View it on GitLab: https://salsa.debian.org/debian-gis-team/hdf5/compare/435a83f8062f5a72e6f4b579f2009be32f6280eb...4b89a1d7d29b792aaa39333b2a4ec2058d35a9c5

-- 
View it on GitLab: https://salsa.debian.org/debian-gis-team/hdf5/compare/435a83f8062f5a72e6f4b579f2009be32f6280eb...4b89a1d7d29b792aaa39333b2a4ec2058d35a9c5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-grass-devel/attachments/20181213/9bf93781/attachment-0001.html>
