[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#1117607: debian-security-support: Mark hdf5 with limited support

On Thu, Oct 09, 2025 at 08:05:41AM +0000, Holger Levsen wrote:
> control: tags -1 + moreinfo
> thanks
> 
> On Wed, Oct 08, 2025 at 09:12:32PM +0000, Moritz Mühlenhoff wrote:
> > The whole premise of assigning CVE IDs to data parsing bugs in HDF seems flawed
> > to begin with. If you use untrusted scientific data, some random parsing bugs
> > are the least of your worries.
> 
> so
> 
> hdf5  limited  Not covered by security support, only suitable for trusted content, see -1
> 
> for all suites?

Not sure what the ", see -1" refers to, but the rest looks good to me. But this
should also be complemented with a README.Debian entry in the package itself, not
everyone looks at debian-security-support.

Cheers,
        Moritz
Reply to: