hdf5 - Debian Package Tracker

general

source: hdf5 (main)
version: 1.10.6+repack-2
maintainer: Gilles Filippini (DMD)
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.10.0-patch1+docs-3+deb9u1
stable: 1.10.4+repack-10
testing: 1.10.6+repack-2
unstable: 1.10.6+repack-2
exp: 1.12.0+repack-1~exp2

versioned links

1.10.0-patch1+docs-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.4+repack-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.4+repack-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.4+repack-11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.6+repack-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.0+repack-1~exp2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

hdf5-helpers
hdf5-tools (5 bugs: 0, 5, 0, 0)
libhdf5-103-1
libhdf5-cpp-103-1
libhdf5-dev (1 bugs: 0, 1, 0, 0)
libhdf5-doc
libhdf5-fortran-102
libhdf5-hl-100
libhdf5-hl-cpp-100
libhdf5-hl-fortran-100
libhdf5-java
libhdf5-jni
libhdf5-mpi-dev
libhdf5-mpich-103-1
libhdf5-mpich-cpp-103-1
libhdf5-mpich-dev
libhdf5-mpich-fortran-102
libhdf5-mpich-hl-100
libhdf5-mpich-hl-cpp-100
libhdf5-mpich-hl-fortran-100
libhdf5-openmpi-103-1
libhdf5-openmpi-cpp-103-1
libhdf5-openmpi-dev (2 bugs: 0, 1, 1, 0)
libhdf5-openmpi-fortran-102
libhdf5-openmpi-hl-100
libhdf5-openmpi-hl-cpp-100
libhdf5-openmpi-hl-fortran-100

action needed

A new upstream version is available: 1.12.0 high

A new upstream version 1.12.0 is available, you should consider packaging it.

Created: 2020-10-26 Last update: 2021-04-22 19:02

17 security issues in stretch high

There are 17 open security issues in stretch.

3 important issues:

CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

14 issues postponed or untriaged:

CVE-2017-17505: (needs triaging) In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17506: (needs triaging) In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17508: (needs triaging) In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17509: (needs triaging) In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.
CVE-2018-11202: (needs triaging) A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11203: (needs triaging) A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11204: (needs triaging) A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11206: (needs triaging) An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11207: (needs triaging) A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-17233: (needs triaging) A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17234: (needs triaging) Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17237: (needs triaging) A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
CVE-2018-17434: (needs triaging) A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17437: (needs triaging) Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

Created: 2021-02-19 Last update: 2021-04-20 22:04

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

Created: 2021-02-19 Last update: 2021-04-20 22:04

8 security issues in buster high

There are 8 open security issues in buster.

3 important issues:

CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

5 issues left for the package maintainer to handle:

CVE-2018-17233: (needs triaging) A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17234: (needs triaging) Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17237: (needs triaging) A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
CVE-2018-17434: (needs triaging) A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17437: (needs triaging) Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2021-04-20 22:04

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.

Created: 2021-02-19 Last update: 2021-04-20 22:04

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

libhdf5-doc could be marked Multi-Arch: foreign
libhdf5-mpi-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2021-04-22 19:33

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.12.0+repack-1~exp3, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit a4c00969ac18b6c0453f3db9eed8ed9025e2476e
Author: Gilles Filippini <pini@debian.org>
Date:   Fri Apr 24 23:56:44 2020 +0200

    Don't need transitional cpp libs links anymore

commit 80203fc1c9043d4eabcc2c197c5a906fb89805be
Author: Gilles Filippini <pini@debian.org>
Date:   Fri Apr 24 23:42:37 2020 +0200

    Drop useless hunk from flavor-configure-option.patch

commit 2e688df3c4b26b7350756c95bbe814702ca4e7de
Author: Gilles Filippini <pini@debian.org>
Date:   Fri Apr 24 10:23:45 2020 +0200

    Fix Multi-Arch fileds
    
    Follow hints given by Multiarch hinter on the package tracke page.

Created: 2020-04-24 Last update: 2021-04-19 17:34

lintian reports 69 warnings normal

Lintian reports 69 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-09-21 Last update: 2021-01-26 00:02

Build log checks report 4 warnings low

Build log checks report 4 warnings

Created: 2018-07-25 Last update: 2020-03-28 17:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2020-11-17 05:41

testing migrations

This package will soon be part of the auto-hdf5 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2020-05-05] hdf5 1.10.6+repack-2 MIGRATED to testing (Debian testing watch)
[2020-04-25] Accepted hdf5 1.10.6+repack-2 (source) into unstable (Gilles Filippini)
[2020-04-25] hdf5 1.10.6+repack-1 MIGRATED to testing (Debian testing watch)
[2020-04-23] Accepted hdf5 1.12.0+repack-1~exp2 (source) into experimental (Gilles Filippini)
[2020-04-02] Accepted hdf5 1.12.0+repack-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Gilles Filippini)
[2020-03-28] Accepted hdf5 1.10.6+repack-1 (source) into unstable (Gilles Filippini)
[2020-03-18] Accepted hdf5 1.10.6+repack-1~exp5 (source) into experimental (Gilles Filippini)
[2020-03-16] Accepted hdf5 1.10.6+repack-1~exp4 (source) into experimental (Gilles Filippini)
[2020-02-29] hdf5 1.10.4+repack-11 MIGRATED to testing (Debian testing watch)
[2020-02-23] Accepted hdf5 1.10.4+repack-11 (source) into unstable (Gilles Filippini)
[2020-01-05] Accepted hdf5 1.10.6+repack-1~exp3 (source) into experimental (Gilles Filippini)
[2019-12-29] Accepted hdf5 1.10.6+repack-1~exp2 (source) into experimental (Gilles Filippini)
[2019-12-27] Accepted hdf5 1.10.6+repack-1~exp1 (source) into experimental (Gilles Filippini)
[2019-08-13] Accepted hdf5 1.10.5+repack-1~exp8 (source) into experimental (Gilles Filippini)
[2019-08-13] Accepted hdf5 1.10.5+repack-1~exp7 (source) into experimental (Gilles Filippini)
[2019-05-22] Accepted hdf5 1.10.5+repack-1~exp6 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2019-04-29] Accepted hdf5 1.10.5+repack-1~exp5 (source) into experimental (Gilles Filippini)
[2019-04-21] Accepted hdf5 1.10.5+repack-1~exp4 (source) into experimental (Gilles Filippini)
[2019-04-15] Accepted hdf5 1.10.5+repack-1~exp3 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2019-03-31] Accepted hdf5 1.10.5+repack-1~exp2 (source) into experimental (Gilles Filippini)
[2019-03-29] Accepted hdf5 1.10.5+repack-1~exp1 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2019-02-09] hdf5 1.10.4+repack-10 MIGRATED to testing (Debian testing watch)
[2019-02-03] Accepted hdf5 1.10.4+repack-10 (source) into unstable (Gilles Filippini)
[2019-01-16] hdf5 1.10.4+repack-9 MIGRATED to testing (Debian testing watch)
[2019-01-10] Accepted hdf5 1.10.4+repack-9 (source) into unstable (Gilles Filippini)
[2019-01-09] hdf5 1.10.4+repack-8 MIGRATED to testing (Debian testing watch)
[2019-01-03] Accepted hdf5 1.10.4+repack-8 (source) into unstable (Gilles Filippini)
[2019-01-02] Accepted hdf5 1.10.4+repack-7 (source) into unstable (Gilles Filippini)
[2018-12-30] Accepted hdf5 1.10.4+repack-6 (source) into unstable (Gilles Filippini)
[2018-12-29] Accepted hdf5 1.10.4+repack-5 (source) into unstable (Gilles Filippini)

bugs [bug history graph]

all: 14
RC: 0
I&N: 10
M&W: 4
F&P: 0
patch: 0

links

homepage
lintian (0, 69)
buildd: logs, exp, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.10.6+repack-2
12 bugs (1 patch)