Your message dated Thu, 11 Dec 2025 18:19:19 +0000
with message-id <[email protected]>
and subject line Bug#1117722: fixed in debian-security-support 1:14+2025.12.11
has caused the Debian Bug report #1117722,
regarding hdf5: explain security support status in README.Debian
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1117722: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117722
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debian-security-support
Severity: normal
X-Debbugs-Cc: Debian Security Team <[email protected]>,
[email protected]
I propose to mark hdf5 as limited support in Debian 11 (bullseye).
# Package Description
Hierarchical Data Format 5 (HDF5) is a file format and library for
storing scientific data. HDF5 was designed and implemented to address
the deficiencies of HDF4.x. It has a more powerful and flexible data
model, supports files larger than 2 GB, and supports parallel I/O.
# Obstacles Preventing Continued Support
Upstream does not seem to support security updates of older releases.
There are tags of the 1.10 series in bullseye up to 1.10.11 but they
contain a lot of changes all over the place, like reformatting, adding
new functionality and behavior changes. So uploading a new upstream
version seems too risky. On the other hand the upstream git has no clear
commits of the security patches. They are often committed in bulk and
then partly reverted due to regressions and later committed again,
probably due to other commits in between fixing the regressions. There
is https://github.com/HDFGroup/cve_hdf5.git which allows easy testing of
the CVEs and I tried cherry-picking some commits but it resulted in
different tests failing.
# Proposed entry for security-support.deb11
hdf5 limited Not covered by security support, only suitable for trusted
content, see -1
--- End Message ---
--- Begin Message ---
Source: debian-security-support
Source-Version: 1:14+2025.12.11
Done: Holger Levsen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
debian-security-support, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <[email protected]> (supplier of updated debian-security-support
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Dec 2025 18:58:53 +0100
Source: debian-security-support
Architecture: source
Version: 1:14+2025.12.11
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Team <[email protected]>
Changed-By: Holger Levsen <[email protected]>
Closes: 1117722
Changes:
debian-security-support (1:14+2025.12.11) unstable; urgency=medium
.
[ Holger Levsen ]
* hello forky:
- increase epoch.
- add security-support.deb14.
- drop security-support.deb10.
* debian/control: drop Rules-Requires-Root: no (now the default).
.
[ Jochen Sprickerhof ]
* Mark hdf5 as limited supported. Closes: #1117722.
Checksums-Sha1:
44da159f9eb9cc1a0b496e5ee29ca76da0e0ae2c 1975
debian-security-support_14+2025.12.11.dsc
80bf8744c96a874d2a021717defb791ca04f05b0 37164
debian-security-support_14+2025.12.11.tar.xz
575a41af7e3000c5ebefddbc5fb8751ef43e0c7d 8544
debian-security-support_14+2025.12.11_source.buildinfo
Checksums-Sha256:
04fc1e8bf3ad28e59ec9ee236af13ed7eb78d3554511913f75d82dbe84edae25 1975
debian-security-support_14+2025.12.11.dsc
d87ac104085e043a62fd1a60e395b597c3edd23139dcdf777267d409fffced7d 37164
debian-security-support_14+2025.12.11.tar.xz
c0e2e9f9eb9b9f0574ba13e9d47b5b08607e0b5505e3c59d5d39e13b56e7583a 8544
debian-security-support_14+2025.12.11_source.buildinfo
Files:
c61b60e70a1edd41cd46b2ce382d55ae 1975 admin optional
debian-security-support_14+2025.12.11.dsc
58bd3f7e9c42dea06f3936f7f2f9867a 37164 admin optional
debian-security-support_14+2025.12.11.tar.xz
f393d51d0512b79603a215409b175f4c 8544 admin optional
debian-security-support_14+2025.12.11_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmk7Br0ACgkQCRq4Vgaa
qhyusw//f1+LfUhS+SJmXgBBca/IZEoTxrTo6Et781VOnxIZYbitIuvRnBofHpK7
8Umsv4goeDdv1ffI49VwYiATESAihFqXOIh0cAhK1z6WC9bdGeiKibtobf01izsL
UXGGcFAv81LkpaZcYec0f/rW58YkzHSOkqWKQAl3P0Cv8uqGwXgLhHbG2NSTM6Cw
9ep9EzjPY13KfP4IZ7EaInG/VIxBA1yjOZShEJVuHgp/2U7Skak8Fqu72k/oxM3c
kTIY45l4ZdhSVaRatguUllXfhqDAojtMO2Wp2m4hmuvjKuFSOtFafrIb4oS4J2lp
+1RrMf6ZjA/UY6aG5FtLogUdNZRZOezAj6FElcbxxXOHd/R2qYyfA+BFkKz9V0UY
3J+AzOeiFHT+lNTzdinBh6lQRXUV3rBtEDCxXw5YkM0QI4+12sm7+n7nALZjibuL
gfDjsxufU42lerIaLTgOgluwYD4jd9qODUM9GM1bh/idGn1GiOY0pGd1MsSRLMOA
GYGD/2jq0ac9QQEnvguLm9OCXF8dWneTlYIjn/mRIuwyYB2EwXMI448fohE81YSA
C0c1yMPy8qGh+zbvG4jyUcOMbADkXNBD3YyEsjPkm454UvwYZvazCHC9vA8VzYAu
qAripiDhv8PjjnLZPTspmR/dCDuJWXhIQKjYh51DaBBkM0zVsd8=
=iqVz
-----END PGP SIGNATURE-----
pgpEXDGT0lqO4.pgp
Description: PGP signature
--- End Message ---
