Overview

Request 974903 superseded

- Security Fix:
Add configure option --disable-hltools to disable GIF tools as
recommended in the 1.10.8 release:
CVE-2018-17433 (bsc#1109565),
CVE-2018-17436 (bsc#1109568),
CVE-2020-10809 (bsc#1167404).

* Fixed CVE-2018-17432 (bsc#1109564)
parsing (bsc#1167401)
* Fixed CVE-2018-14460 (bsc#1102175)
* Fixed CVE-2018-11206 (bsc#1093657)
(same issue as CVE-2018-14032 (bsc#1101474))
* Fixed CVE-2018-14033 (bsc#1101471)
(same issue as CVE-2020-10811 (bsc#1167405))
H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3
(bsc#1109570)
* CVE-2018-17437: Memory leak in the H5O_dtype_decode_helper() function
in H5Odtype.c. (bsc#1109569)
* CVE-2018-17237: A SIGFPE signal is raised in the function
H5D__chunk_set_info_real (bsc#1109168) (commit 4e31361d). (forwarded request 974893 from eeich)

Request History
Egbert Eich's avatar

eeich created request

- Security Fix:
Add configure option --disable-hltools to disable GIF tools as
recommended in the 1.10.8 release:
CVE-2018-17433 (bsc#1109565),
CVE-2018-17436 (bsc#1109568),
CVE-2020-10809 (bsc#1167404).

* Fixed CVE-2018-17432 (bsc#1109564)
parsing (bsc#1167401)
* Fixed CVE-2018-14460 (bsc#1102175)
* Fixed CVE-2018-11206 (bsc#1093657)
(same issue as CVE-2018-14032 (bsc#1101474))
* Fixed CVE-2018-14033 (bsc#1101471)
(same issue as CVE-2020-10811 (bsc#1167405))
H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3
(bsc#1109570)
* CVE-2018-17437: Memory leak in the H5O_dtype_decode_helper() function
in H5Odtype.c. (bsc#1109569)
* CVE-2018-17237: A SIGFPE signal is raised in the function
H5D__chunk_set_info_real (bsc#1109168) (commit 4e31361d). (forwarded request 974893 from eeich)

Factory Auto's avatar

factory-auto added opensuse-review-team as a reviewer

Please review sources

Factory Auto's avatar

factory-auto accepted review

Check script succeeded

Dominique Leuenberger's avatar

dimstar_suse added openSUSE:Factory:Staging:adi:41 as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:41"

Dominique Leuenberger's avatar

dimstar_suse accepted review

Picked "openSUSE:Factory:Staging:adi:41"

Dominique Leuenberger's avatar

dimstar accepted review

Saul Goodman's avatar

licensedigger accepted review

The legal review is accepted preliminary. The package may require actions later on.

Egbert Eich's avatar

eeich superseded request

superseded by 975082

openSUSE Build Service is sponsored by
Places