Re: hdf5 undetermined cves

To: debian-lts@lists.debian.org
Subject: Re: hdf5 undetermined cves
From: Hugo Lefeuvre <hle@debian.org>
Date: Thu, 21 Mar 2019 07:54:30 +0100
Message-id: <[🔎] 20190321065430.GA1563@behemoth.owl.eu.com.local>
In-reply-to: <[🔎] 12c373af-ed03-2e09-c44d-f33f5e94c3be@debian.org>
References: <[🔎] 20190319172556.GA1329@behemoth.owl.eu.com.local> <[🔎] 12c373af-ed03-2e09-c44d-f33f5e94c3be@debian.org>

Hi Markus,

> I think it was unclear if upstream was even aware of those bugs. The
> CVEs were requested by someone who provides POCs but whether a certain
> version is affected or not is not clear and if patches are available. I
> would check with upstream first, forward links and POCS if necessary. In
> case they already know about the problem you could save a lot of time.

Thanks for your answer. I have received a few other answers off-list and
plan to proceed on a case by case basis, reporting bugs to upstream, trying
to get them fixed and spot duplicates.

cheers,
 Hugo

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- hdf5 undetermined cves
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: hdf5 undetermined cves
  - From: Markus Koschany <apo@debian.org>

Prev by Date: KSK2017 in BIND 9 in Wheezy and Jessie LTS releases?
Next by Date: Re: KSK2017 in BIND 9 in Wheezy and Jessie LTS releases?
Previous by thread: Re: hdf5 undetermined cves
Next by thread: KSK2017 in BIND 9 in Wheezy and Jessie LTS releases?
Index(es):
- Date
- Thread