Bug#1123960: netcdf: CVE-2025-14932 CVE-2025-14933 CVE-2025-14934 CVE-2025-14935 CVE-2025-14936
Sebastiaan Couwenberg
sebastic at xs4all.nl
Thu Dec 25 07:36:16 GMT 2025
Control: tags -1 upstream
Control: forwarded -1 https://github.com/Unidata/netcdf-c/issues/3236
On 12/25/25 7:43 AM, Salvatore Bonaccorso wrote:
> The set of reports oginate from ZDI reports and it not very clear if
> the issues will get fixed and have not found public upstream
> references where they track those. So this might be a first step at
> all to track these properly as well for us downstream. For now the CVE
> entries just refernce to the published ZDI reports.
I'm fairly sure we don't have to expect anything from upstream until after the festive season.
Hopefully this will get fixed before the 4.10.0 release which still has many outstanding issues.
I've forwarded this issue upstream to inquire about the release in which we can expect fixes.
Kind Regards,
Bas
--
PGP Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
More information about the Pkg-grass-devel
mailing list