Debian Package Tracker

general

source: hdf5 (main)
version: 1.10.0-patch1+docs-4
maintainer: Debian GIS Project (archive) [DMD]
uploaders: Francesco Paolo Lovergine [DMD] – Gilles Filippini [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.8.8-9
o-o-sec: 1.8.8-9+deb7u1
oldstable: 1.8.13+docs-15+deb8u1
old-sec: 1.8.13+docs-15+deb8u1
stable: 1.10.0-patch1+docs-3+deb9u1
testing: 1.10.0-patch1+docs-4
unstable: 1.10.0-patch1+docs-4
exp: 1.10.2+repack-1~exp1

versioned links

1.8.8-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.8.8-9+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.8.13+docs-15+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.0-patch1+docs-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.0-patch1+docs-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.1+docs-1~exp2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.2+repack-1~exp1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

hdf5-helpers
hdf5-tools
libhdf5-100
libhdf5-cpp-100
libhdf5-dev
libhdf5-doc
libhdf5-java
libhdf5-jni
libhdf5-mpi-dev
libhdf5-mpich-100
libhdf5-mpich-dev
libhdf5-openmpi-100
libhdf5-openmpi-dev
libhdf5-serial-dev

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In watch file debian/watch, reading webpage
  ftp://ftp.hdfgroup.org/HDF5/releases/ failed: 401 [LWP::Protocol::MyFTP] Connection closed

Created: 2017-12-19 Last update: 2018-06-23 14:20

11 security issues in sid high

There are 11 open security issues in sid.

11 important issues:

CVE-2017-17506: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17508: In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17507: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17505: In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2018-11203: A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11207: A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11206: A out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11204: A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11202: A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2017-17509: In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.

Please fix them.

Created: 2017-12-11 Last update: 2018-06-19 20:07

11 security issues in buster high

There are 11 open security issues in buster.

11 important issues:

CVE-2017-17506: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17508: In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17507: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17505: In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2018-11203: A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11207: A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11206: A out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11204: A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11202: A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2017-17509: In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.

Please fix them.

Created: 2017-12-11 Last update: 2018-06-19 20:07

lintian reports 29 warnings high

Lintian reports 29 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-07 Last update: 2018-04-19 08:00

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.4 instead of 3.9.8).

Created: 2017-08-14 Last update: 2018-04-16 20:45

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

libhdf5-doc could be marked Multi-Arch: foreign
libhdf5-mpi-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2018-06-23 14:36

A new version is available in the VCS, consider uploading it. normal

vcswatch reports that this package has a new version ready in the VCS. You should consider uploading into the archive.

Created: 2018-02-11 Last update: 2018-05-07 20:16

11 ignored security issues in stretch low

There are 11 open security issues in stretch.

11 issues skipped by the security teams:

CVE-2017-17506: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17508: In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17507: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17505: In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2018-11203: A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11207: A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11206: A out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11204: A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11202: A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2017-17509: In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.

Please fix them.

Created: 2017-12-11 Last update: 2018-06-19 20:07

11 ignored security issues in jessie low

There are 11 open security issues in jessie.

11 issues skipped by the security teams:

CVE-2017-17506: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17508: In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17507: In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17505: In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2018-11203: A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11207: A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11206: A out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11204: A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11202: A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2017-17509: In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.

Please fix them.

Created: 2017-12-11 Last update: 2018-06-19 20:07

Build log checks report 4 warnings low

Build log checks report 4 warnings

Created: 2017-10-26 Last update: 2017-10-26 07:22

testing migrations

This package will soon be part of the auto-hdf5 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2018-04-04] Accepted hdf5 1.10.2+repack-1~exp1 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2018-03-02] Accepted hdf5 1.10.0-patch1+docs-3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Gilles Filippini)
[2018-01-14] Accepted hdf5 1.10.1+repack-1~exp1 (source) into experimental (Gilles Filippini)
[2017-10-22] Accepted hdf5 1.10.1+docs-1~exp2 (source) into experimental (Gilles Filippini)
[2017-10-16] Accepted hdf5 1.10.1+docs-1~exp1 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2017-08-19] hdf5 1.10.0-patch1+docs-4 MIGRATED to testing (Debian testing watch)
[2017-08-13] Accepted hdf5 1.10.0-patch1+docs-4 (source) into unstable (Gilles Filippini)
[2016-12-31] Accepted hdf5 1.8.8-9+deb7u1 (source all amd64) into oldstable (Thorsten Alteholz)
[2016-12-16] hdf5 1.10.0-patch1+docs-3 MIGRATED to testing (Debian testing watch)
[2016-12-05] Accepted hdf5 1.10.0-patch1+docs-3 (source) into unstable (Gilles Filippini)
[2016-12-04] hdf5 1.10.0-patch1+docs-1 MIGRATED to testing (Debian testing watch)
[2016-12-04] Accepted hdf5 1.10.0-patch1+docs-2 (source) into unstable (Gilles Filippini)
[2016-12-03] Accepted hdf5 1.8.13+docs-15+deb8u1 (source all amd64) into proposed-updates->stable-new, proposed-updates (Gilles Filippini)
[2016-12-01] Accepted hdf5 1.10.0-patch1+docs-2~exp2 (source) into experimental (Gilles Filippini)
[2016-11-30] Accepted hdf5 1.10.0-patch1+docs-2~exp1 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2016-11-28] Accepted hdf5 1.10.0-patch1+docs-1 (source) into unstable (Gilles Filippini)
[2016-11-26] Accepted hdf5 1.10.0-patch1+docs-1~exp6 (source) into experimental (Gilles Filippini)
[2016-11-26] Accepted hdf5 1.10.0-patch1+docs-1~exp5 (source) into experimental (Gilles Filippini)
[2016-07-22] Accepted hdf5 1.10.0-patch1+docs-1~exp4 (source amd64 all) into experimental (Gilles Filippini)
[2016-06-28] Accepted hdf5 1.10.0-patch1+docs-1~exp3 (source amd64 all) into experimental (Gilles Filippini)
[2016-05-25] Accepted hdf5 1.10.0-patch1+docs-1~exp2 (source amd64 all) into experimental (Gilles Filippini)
[2016-05-22] Accepted hdf5 1.10.0-patch1+docs-1~exp1 (source amd64 all) into experimental (Gilles Filippini)
[2016-04-29] hdf5 1.8.16+docs-8 MIGRATED to testing (Debian testing watch)
[2016-04-23] Accepted hdf5 1.8.16+docs-8 (source amd64 all) into unstable (Gilles Filippini)
[2016-04-21] Accepted hdf5 1.10.0+docs-1~exp3 (source amd64 all) into experimental (Gilles Filippini)
[2016-04-18] Accepted hdf5 1.10.0+docs-1~exp2 (source amd64 all) into experimental (Gilles Filippini)
[2016-04-18] Accepted hdf5 1.10.0+docs-1~exp1 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2016-04-13] hdf5 1.8.16+docs-7 MIGRATED to testing (Debian testing watch)
[2016-03-19] Accepted hdf5 1.8.16+docs-7 (source amd64 all) into unstable (Gilles Filippini)
[2016-02-28] hdf5 1.8.16+docs-6 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 13
RC: 0
I&N: 11
M&W: 2
F&P: 0

links

homepage
lintian (0, 29)
buildd: logs, exp, checks, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.10.0-patch1+docs-4
10 bugs (1 patch)