hdf5 - Debian Package Tracker

general

source: hdf5 (main)
version: 1.10.7+repack-1
maintainer: Gilles Filippini (DMD)
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.10.0-patch1+docs-3+deb9u1
oldstable: 1.10.4+repack-10
stable: 1.10.6+repack-4
testing: 1.10.6+repack-5
unstable: 1.10.7+repack-1
exp: 1.12.0+repack-1~exp2

versioned links

1.10.0-patch1+docs-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.4+repack-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.4+repack-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.6+repack-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.6+repack-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.7+repack-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.0+repack-1~exp2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

hdf5-helpers
hdf5-tools (5 bugs: 0, 5, 0, 0)
libhdf5-103
libhdf5-103-1
libhdf5-cpp-103
libhdf5-cpp-103-1
libhdf5-dev (1 bugs: 0, 1, 0, 0)
libhdf5-doc
libhdf5-fortran-102
libhdf5-hl-100
libhdf5-hl-cpp-100
libhdf5-hl-fortran-100
libhdf5-java
libhdf5-jni
libhdf5-mpi-dev
libhdf5-mpich-103
libhdf5-mpich-103-1
libhdf5-mpich-cpp-103-1
libhdf5-mpich-dev
libhdf5-mpich-fortran-102
libhdf5-mpich-hl-100
libhdf5-mpich-hl-cpp-100
libhdf5-mpich-hl-fortran-100
libhdf5-openmpi-103
libhdf5-openmpi-103-1
libhdf5-openmpi-cpp-103-1
libhdf5-openmpi-dev (1 bugs: 0, 1, 0, 0)
libhdf5-openmpi-fortran-102
libhdf5-openmpi-hl-100
libhdf5-openmpi-hl-cpp-100
libhdf5-openmpi-hl-fortran-100

action needed

A new upstream version is available: 1.12.0 high

A new upstream version 1.12.0 is available, you should consider packaging it.

Created: 2020-10-26 Last update: 2021-09-20 16:00

17 security issues in stretch high

There are 17 open security issues in stretch.

3 important issues:

CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

14 issues postponed or untriaged:

CVE-2017-17505: (needs triaging) In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17506: (needs triaging) In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17508: (needs triaging) In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17509: (needs triaging) In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.
CVE-2018-11202: (needs triaging) A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11203: (needs triaging) A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11204: (needs triaging) A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11206: (needs triaging) An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11207: (needs triaging) A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-17233: (needs triaging) A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17234: (needs triaging) Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17237: (needs triaging) A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
CVE-2018-17434: (needs triaging) A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17437: (needs triaging) Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

Created: 2021-02-19 Last update: 2021-09-09 22:07

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

Created: 2021-02-19 Last update: 2021-09-09 22:07

8 security issues in buster high

There are 8 open security issues in buster.

3 important issues:

CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

5 issues left for the package maintainer to handle:

CVE-2018-17233: (needs triaging) A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17234: (needs triaging) Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17237: (needs triaging) A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
CVE-2018-17434: (needs triaging) A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17437: (needs triaging) Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-09-09 22:07

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

Created: 2021-02-19 Last update: 2021-09-09 22:07

3 security issues in bookworm high

There are 3 open security issues in bookworm.

3 important issues:

CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

Created: 2021-08-15 Last update: 2021-09-09 22:07

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2021-09-15 Last update: 2021-09-20 21:35

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

libhdf5-doc could be marked Multi-Arch: foreign
libhdf5-mpi-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2021-09-20 19:33

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2021-09-09 Last update: 2021-09-20 19:31

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.12.0+repack-1~exp3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit a4c00969ac18b6c0453f3db9eed8ed9025e2476e
Author: Gilles Filippini <pini@debian.org>
Date:   Fri Apr 24 23:56:44 2020 +0200

    Don't need transitional cpp libs links anymore

commit 80203fc1c9043d4eabcc2c197c5a906fb89805be
Author: Gilles Filippini <pini@debian.org>
Date:   Fri Apr 24 23:42:37 2020 +0200

    Drop useless hunk from flavor-configure-option.patch

commit 2e688df3c4b26b7350756c95bbe814702ca4e7de
Author: Gilles Filippini <pini@debian.org>
Date:   Fri Apr 24 10:23:45 2020 +0200

    Fix Multi-Arch fileds
    
    Follow hints given by Multiarch hinter on the package tracke page.

Created: 2020-04-24 Last update: 2021-09-18 02:35

lintian reports 64 warnings normal

Lintian reports 64 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-09-21 Last update: 2021-09-06 18:32

Build log checks report 3 warnings low

Build log checks report 3 warnings

Created: 2021-09-10 Last update: 2021-09-10 08:35

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.0 instead of 4.5.0).

Created: 2020-11-17 Last update: 2021-09-09 22:10

testing migrations

This package will soon be part of the auto-hdf5 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migrates after: glibc, openmpi
- Migration status for hdf5 (1.10.6+repack-5 to 1.10.7+repack-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- autopkgtest for pytables/3.6.1-3: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻)
- autopkgtest for r-bioc-rhdf5/2.34.0+dfsg-1: amd64: Regression ♻ (reference ♻), arm64: Not a regression, armhf: Not a regression, i386: Regression ♻ (reference ♻), ppc64el: Not a regression
- autopkgtest for r-bioc-rhdf5lib/1.12.1+dfsg-3: amd64: Regression ♻ (reference ♻), arm64: Regression ♻ (reference ♻), armhf: Regression ♻ (reference ♻), i386: Regression ♻ (reference ♻), ppc64el: Regression ♻ (reference ♻)
- autopkgtest for xmds2/blacklisted: amd64: Ignored failure, ppc64el: Not a regression
- Depends: hdf5 glibc
- Depends: hdf5 openmpi
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/h/hdf5.html
- 11 days old (needed 5 days)
- Not considered

news

[rss feed]

[2021-09-20] Accepted hdf5 1.10.6+repack-4+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Gilles Filippini)
[2021-09-09] Accepted hdf5 1.10.7+repack-1 (source) into unstable (Gilles Filippini)
[2021-08-17] hdf5 1.10.6+repack-5 MIGRATED to testing (Debian testing watch)
[2021-08-11] Accepted hdf5 1.10.6+repack-5 (source) into unstable (Gilles Filippini)
[2021-06-22] hdf5 1.10.6+repack-4 MIGRATED to testing (Debian testing watch)
[2021-06-16] Accepted hdf5 1.10.6+repack-4 (source) into unstable (Gilles Filippini)
[2021-06-14] Accepted hdf5 1.10.6+repack-3 (source) into unstable (Gilles Filippini)
[2020-05-05] hdf5 1.10.6+repack-2 MIGRATED to testing (Debian testing watch)
[2020-04-25] Accepted hdf5 1.10.6+repack-2 (source) into unstable (Gilles Filippini)
[2020-04-25] hdf5 1.10.6+repack-1 MIGRATED to testing (Debian testing watch)
[2020-04-23] Accepted hdf5 1.12.0+repack-1~exp2 (source) into experimental (Gilles Filippini)
[2020-04-02] Accepted hdf5 1.12.0+repack-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Gilles Filippini)
[2020-03-28] Accepted hdf5 1.10.6+repack-1 (source) into unstable (Gilles Filippini)
[2020-03-18] Accepted hdf5 1.10.6+repack-1~exp5 (source) into experimental (Gilles Filippini)
[2020-03-16] Accepted hdf5 1.10.6+repack-1~exp4 (source) into experimental (Gilles Filippini)
[2020-02-29] hdf5 1.10.4+repack-11 MIGRATED to testing (Debian testing watch)
[2020-02-23] Accepted hdf5 1.10.4+repack-11 (source) into unstable (Gilles Filippini)
[2020-01-05] Accepted hdf5 1.10.6+repack-1~exp3 (source) into experimental (Gilles Filippini)
[2019-12-29] Accepted hdf5 1.10.6+repack-1~exp2 (source) into experimental (Gilles Filippini)
[2019-12-27] Accepted hdf5 1.10.6+repack-1~exp1 (source) into experimental (Gilles Filippini)
[2019-08-13] Accepted hdf5 1.10.5+repack-1~exp8 (source) into experimental (Gilles Filippini)
[2019-08-13] Accepted hdf5 1.10.5+repack-1~exp7 (source) into experimental (Gilles Filippini)
[2019-05-22] Accepted hdf5 1.10.5+repack-1~exp6 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2019-04-29] Accepted hdf5 1.10.5+repack-1~exp5 (source) into experimental (Gilles Filippini)
[2019-04-21] Accepted hdf5 1.10.5+repack-1~exp4 (source) into experimental (Gilles Filippini)
[2019-04-15] Accepted hdf5 1.10.5+repack-1~exp3 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2019-03-31] Accepted hdf5 1.10.5+repack-1~exp2 (source) into experimental (Gilles Filippini)
[2019-03-29] Accepted hdf5 1.10.5+repack-1~exp1 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2019-02-09] hdf5 1.10.4+repack-10 MIGRATED to testing (Debian testing watch)
[2019-02-03] Accepted hdf5 1.10.4+repack-10 (source) into unstable (Gilles Filippini)

bugs [bug history graph]

all: 13
RC: 0
I&N: 10
M&W: 3
F&P: 0
patch: 0

links

homepage
lintian (0, 64)
buildd: logs, exp, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.10.6+repack-5
12 bugs (1 patch)