Hi,

On 19.03.19 at 18:25, Hugo Lefeuvre wrote:
> Hi,
>
> I just noticed the large number of undetermined issues affecting the hdf5
> source package in the tracker. I have tried to reproduce the latest one on
> buster, successfully (CVE-2019-9152, I have updated the tracker).
>
> I wonder why all these issues were marked undetermined in the first place.
>
> Did I miss something?
>
> regards,
> Hugo

I think it was unclear if upstream was even aware of those bugs. The CVEs were requested by someone who provides POCs, but whether a certain version is affected or not is not clear, nor is it clear if patches are available. I would check with upstream first, forward links and POCs if necessary. In case they already know about the problem, you could save a lot of time.

Regards,

Markus