
Re: hdf5 undetermined cves


On 19.03.19 at 18:25, Hugo Lefeuvre wrote:
> Hi,
> I just noticed the large number of undetermined issues affecting the hdf5
> source package in the tracker. I have tried to reproduce the latest one on
> buster, successfully (CVE-2019-9152, I have updated the tracker).
> I wonder why all these issues were marked undetermined in the first place.
> Did I miss something?
> regards,
> Hugo

I think it was unclear if upstream was even aware of those bugs. The
CVEs were requested by someone who provides POCs but whether a certain
version is affected or not is not clear and if patches are available. I
would check with upstream first, forward links and POCs if necessary. In
case they already know about the problem you could save a lot of time.


