hdf5 - Debian Package Tracker

general

source: hdf5 (main)
version: 1.10.7+repack-4
maintainer: Gilles Filippini (DMD)
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.10.0-patch1+docs-3+deb9u1
oldstable: 1.10.4+repack-10
stable: 1.10.6+repack-4+deb11u1
testing: 1.10.7+repack-4
unstable: 1.10.7+repack-4
exp: 1.12.2+repack-1~exp1

versioned links

1.10.0-patch1+docs-3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.4+repack-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.4+repack-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.6+repack-4+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10.7+repack-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.12.2+repack-1~exp1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

hdf5-helpers
hdf5-tools (5 bugs: 0, 5, 0, 0)
libhdf5-103
libhdf5-103-1
libhdf5-cpp-103
libhdf5-cpp-103-1
libhdf5-dev (1 bugs: 0, 1, 0, 0)
libhdf5-doc
libhdf5-fortran-102
libhdf5-hl-100
libhdf5-hl-cpp-100
libhdf5-hl-fortran-100
libhdf5-java
libhdf5-jni
libhdf5-mpi-dev
libhdf5-mpich-103
libhdf5-mpich-103-1
libhdf5-mpich-cpp-103-1
libhdf5-mpich-dev
libhdf5-mpich-fortran-102
libhdf5-mpich-hl-100
libhdf5-mpich-hl-cpp-100
libhdf5-mpich-hl-fortran-100
libhdf5-openmpi-103
libhdf5-openmpi-103-1
libhdf5-openmpi-cpp-103-1
libhdf5-openmpi-dev (1 bugs: 0, 1, 0, 0)
libhdf5-openmpi-fortran-102
libhdf5-openmpi-hl-100
libhdf5-openmpi-hl-cpp-100
libhdf5-openmpi-hl-fortran-100

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

uscan warning: In debian/watch,
 no matching refs for watch line
 https://bitbucket.hdfgroup.org/scm/hdffv/hdf5.git refs/tags/hdf5-([\d_]+) debian debian/orig-tar.sh

Created: 2022-05-05 Last update: 2022-05-18 06:01

24 security issues in stretch high

There are 24 open security issues in stretch.

10 important issues:

CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.
CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2021-45829: HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
CVE-2021-45830: A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
CVE-2021-45832: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
CVE-2021-45833: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
CVE-2021-46242: HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
CVE-2021-46243: An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46244: A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

14 issues postponed or untriaged:

CVE-2017-17505: (needs triaging) In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17506: (needs triaging) In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17508: (needs triaging) In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
CVE-2017-17509: (needs triaging) In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.
CVE-2018-11202: (needs triaging) A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11203: (needs triaging) A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11204: (needs triaging) A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-11206: (needs triaging) An out of bounds read was discovered in H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2018-11207: (needs triaging) A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
CVE-2018-17233: (needs triaging) A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17234: (needs triaging) Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17237: (needs triaging) A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
CVE-2018-17434: (needs triaging) A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17437: (needs triaging) Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

Created: 2021-02-19 Last update: 2022-01-28 11:47

10 security issues in sid high

There are 10 open security issues in sid.

10 important issues:

CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.
CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2021-45829: HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
CVE-2021-45830: A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
CVE-2021-45832: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
CVE-2021-45833: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
CVE-2021-46242: HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
CVE-2021-46243: An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46244: A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

Created: 2021-02-19 Last update: 2022-01-28 11:47

15 security issues in buster high

There are 15 open security issues in buster.

10 important issues:

CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.
CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2021-45829: HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
CVE-2021-45830: A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
CVE-2021-45832: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
CVE-2021-45833: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
CVE-2021-46242: HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
CVE-2021-46243: An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46244: A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

5 issues left for the package maintainer to handle:

CVE-2018-17233: (needs triaging) A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17234: (needs triaging) Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17237: (needs triaging) A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207.
CVE-2018-17434: (needs triaging) A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17437: (needs triaging) Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.

You can find information about how to handle these issues in the security team's documentation.

Created: 2021-02-19 Last update: 2022-01-28 11:47

10 security issues in bullseye high

There are 10 open security issues in bullseye.

10 important issues:

CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.
CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2021-45829: HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
CVE-2021-45830: A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
CVE-2021-45832: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
CVE-2021-45833: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
CVE-2021-46242: HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
CVE-2021-46243: An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46244: A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

Created: 2021-02-19 Last update: 2022-01-28 11:47

10 security issues in bookworm high

There are 10 open security issues in bookworm.

10 important issues:

CVE-2019-8396: A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."
CVE-2019-8398: An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.
CVE-2018-11205: A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.
CVE-2021-45829: HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
CVE-2021-45830: A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
CVE-2021-45832: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
CVE-2021-45833: A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
CVE-2021-46242: HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
CVE-2021-46243: An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46244: A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).

Created: 2021-08-15 Last update: 2022-01-28 11:47

lintian reports 38 warnings normal

Lintian reports 38 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-09-21 Last update: 2022-01-01 04:32

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libhdf5-doc could be marked Multi-Arch: foreign

Created: 2016-09-14 Last update: 2022-05-18 06:05

Build log checks report 3 warnings low

Build log checks report 3 warnings

Created: 2021-09-10 Last update: 2021-09-10 08:35

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2022-05-11 23:25

testing migrations

This package is part of the ongoing testing transition known as auto-openssl. Please avoid uploads unrelated to this transition, they would likely delay it and require supplementary work from the release managers. On the other hand, if your package has problems preventing it to migrate to testing, please fix them as soon as possible. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-hdf5 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2022-05-01] Accepted hdf5 1.12.2+repack-1~exp1 (source) into experimental (Gilles Filippini)
[2021-10-18] hdf5 1.10.7+repack-4 MIGRATED to testing (Debian testing watch)
[2021-10-12] Accepted hdf5 1.10.7+repack-4 (source) into unstable (Gilles Filippini)
[2021-10-03] Accepted hdf5 1.10.7+repack-3 (source) into unstable (Gilles Filippini)
[2021-09-30] Accepted hdf5 1.10.7+repack-2 (source) into unstable (Gilles Filippini)
[2021-09-29] hdf5 1.10.7+repack-1 MIGRATED to testing (Debian testing watch)
[2021-09-20] Accepted hdf5 1.10.6+repack-4+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Gilles Filippini)
[2021-09-09] Accepted hdf5 1.10.7+repack-1 (source) into unstable (Gilles Filippini)
[2021-08-17] hdf5 1.10.6+repack-5 MIGRATED to testing (Debian testing watch)
[2021-08-11] Accepted hdf5 1.10.6+repack-5 (source) into unstable (Gilles Filippini)
[2021-06-22] hdf5 1.10.6+repack-4 MIGRATED to testing (Debian testing watch)
[2021-06-16] Accepted hdf5 1.10.6+repack-4 (source) into unstable (Gilles Filippini)
[2021-06-14] Accepted hdf5 1.10.6+repack-3 (source) into unstable (Gilles Filippini)
[2020-05-05] hdf5 1.10.6+repack-2 MIGRATED to testing (Debian testing watch)
[2020-04-25] Accepted hdf5 1.10.6+repack-2 (source) into unstable (Gilles Filippini)
[2020-04-25] hdf5 1.10.6+repack-1 MIGRATED to testing (Debian testing watch)
[2020-04-23] Accepted hdf5 1.12.0+repack-1~exp2 (source) into experimental (Gilles Filippini)
[2020-04-02] Accepted hdf5 1.12.0+repack-1~exp1 (source amd64 all) into experimental, experimental (Debian FTP Masters) (signed by: Gilles Filippini)
[2020-03-28] Accepted hdf5 1.10.6+repack-1 (source) into unstable (Gilles Filippini)
[2020-03-18] Accepted hdf5 1.10.6+repack-1~exp5 (source) into experimental (Gilles Filippini)
[2020-03-16] Accepted hdf5 1.10.6+repack-1~exp4 (source) into experimental (Gilles Filippini)
[2020-02-29] hdf5 1.10.4+repack-11 MIGRATED to testing (Debian testing watch)
[2020-02-23] Accepted hdf5 1.10.4+repack-11 (source) into unstable (Gilles Filippini)
[2020-01-05] Accepted hdf5 1.10.6+repack-1~exp3 (source) into experimental (Gilles Filippini)
[2019-12-29] Accepted hdf5 1.10.6+repack-1~exp2 (source) into experimental (Gilles Filippini)
[2019-12-27] Accepted hdf5 1.10.6+repack-1~exp1 (source) into experimental (Gilles Filippini)
[2019-08-13] Accepted hdf5 1.10.5+repack-1~exp8 (source) into experimental (Gilles Filippini)
[2019-08-13] Accepted hdf5 1.10.5+repack-1~exp7 (source) into experimental (Gilles Filippini)
[2019-05-22] Accepted hdf5 1.10.5+repack-1~exp6 (source amd64 all) into experimental, experimental (Gilles Filippini)
[2019-04-29] Accepted hdf5 1.10.5+repack-1~exp5 (source) into experimental (Gilles Filippini)

bugs [bug history graph]

all: 12
RC: 0
I&N: 10
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (0, 38)
buildd: logs, exp, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.10.7+repack-4ubuntu2
13 bugs (1 patch)
patches for 1.10.7+repack-4ubuntu2