Hello community,

here is the log from the commit of package hdf5 for openSUSE:Factory checked in 
at 2022-05-05 23:06:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/hdf5 (Old)
 and      /work/SRC/openSUSE:Factory/.hdf5.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "hdf5"

Thu May  5 23:06:06 2022 rev:76 rq:975082 version:1.10.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/hdf5/hdf5.changes        2022-04-11 
23:50:34.010164646 +0200
+++ /work/SRC/openSUSE:Factory/.hdf5.new.1538/hdf5.changes      2022-05-05 
23:06:47.649587317 +0200
@@ -1,0 +2,10 @@
+Wed May  4 06:39:53 UTC 2022 - Egbert Eich <e...@suse.com>
+
+- Security Fix:
+  Add configure option --disable-hltools to disable GIF tools as
+  recommended in the 1.10.8 release:
+  CVE-2018-17433 (bsc#1109565),
+  CVE-2018-17436 (bsc#1109568),
+  CVE-2020-10809 (bsc#1167404).
+
+-------------------------------------------------------------------
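Review bot: The new entry is headed "Security Fix:" and lists CVE-2018-17433, CVE-2018-17436 and CVE-2018-17809-style identifiers as handled, but the only action described is "Add configure option --disable-hltools", which stops the GIF tools from being built rather than patching them. Suggest wording the entry as a mitigation (tools no longer built or shipped) so that anyone reading the changelog does not conclude the underlying code paths were fixed, and stating that the tools are dropped from the package, since that is a user-visible removal. Please also double-check the three identifiers against the lines above: the entry lists CVE-2018-17433, CVE-2018-17436 and CVE-2020-10809.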
@@ -61 +71 @@
-  * Fixed CVE-2018-17432
+  * Fixed CVE-2018-17432 (bsc#1109564)
@@ -65,4 +75,6 @@
-    parsing
-  * Fixed CVE-2018-14460
-  * Fixed CVE-2018-11206
-  * Fixed CVE-2018-14033 (same issue as CVE-2020-10811)
+    parsing (bsc#1167401)
+  * Fixed CVE-2018-14460 (bsc#1102175)
+  * Fixed CVE-2018-11206 (bsc#1093657)
+    (same issue as CVE-2018-14032 (bsc#1101474))
+  * Fixed CVE-2018-14033 (bsc#1101471)
+    (same issue as CVE-2020-10811 (bsc#1167405))
@@ -204,0 +217 @@
+    (bsc#1109570)
@@ -290 +303 @@
-  * CVE-2018-17434: Memory leak in the H5O__chunk_deserialize() 
+  * CVE-2018-17234: Memory leak in the H5O__chunk_deserialize() 
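Review bot: The identifier on this line changes from CVE-2018-17434 to CVE-2018-17234 while the description (memory leak in H5O__chunk_deserialize()) stays the same, and unlike the other corrected entries in this patch no bsc# reference is visible on the changed line. If the continuation line does not already carry one, suggest adding it here so the renumbered CVE can be checked against its bug, since tooling that reads the changelog will now report a different CVE as fixed.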
@@ -292,2 +305,6 @@
-  * CVE-2018-17437: A SIGFPE signal is raised in the function 
-  H5D__chunk_set_info_real. (bsc#1109168)
+  * CVE-2018-17434: A SIGFPE signal is raised in function apply_filters()
+  of h5repack_filters.c (bsc#1109566)
+  * CVE-2018-17437: Memory leak in the H5O_dtype_decode_helper() function
+  in H5Odtype.c. (bsc#1109569)
+  * CVE-2018-17237: A SIGFPE signal is raised in the function 
+  H5D__chunk_set_info_real (bsc#1109168) (commit 4e31361d).
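Review bot: This hunk rewrites an older changelog entry so that CVE-2018-17434 (SIGFPE in apply_filters() of h5repack_filters.c) and CVE-2018-17437 (memory leak in H5O_dtype_decode_helper()) now appear with new descriptions, while the H5D__chunk_set_info_real issue moves to CVE-2018-17237. Only the last line cites a commit ("commit 4e31361d"); please confirm that fixes for the two newly described issues were actually part of the release this entry belongs to and cite their commits as well, otherwise the changelog claims fixes that cannot be verified from it. Minor style point: the added lines are inconsistent about the trailing period (none after "(bsc#1109566)", one before "(bsc#1109569)" and one after "(commit 4e31361d)").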

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ hdf5.spec ++++++
--- /var/tmp/diff_new_pack.lahSNZ/_old  2022-05-05 23:06:48.365588210 +0200
+++ /var/tmp/diff_new_pack.lahSNZ/_new  2022-05-05 23:06:48.369588216 +0200
@@ -760,6 +760,7 @@
 %hpc_configure \
 %define hpc_exec_prefix %{expand:%_hpc_exec_prefix}
 %endif # ?hpc
+  --disable-hltools \
   --disable-dependency-tracking \
   --enable-fortran \
   --enable-unsupported \
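Review bot: "--disable-hltools \" is added to the shared configure argument list after "%endif # ?hpc", so it applies unconditionally to every build flavor, and this is the only hdf5.spec hunk in the diff. Please confirm that no %files section or later install step names the binaries that are no longer built, and consider a comment above the configure call pointing to the changelog entry and CVEs, so the flag is not dropped later as an unexplained option.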
