Patches for CVE-2020-10809 through CVE-2020-10812

Open dotlambda opened this issue 4 years ago • 2 comments

I can't find patches for these four CVEs:

Can you help me out?

dotlambda avatar Feb 04 '21 09:02 dotlambda

CVE-2020-10810: https://github.com/HDFGroup/hdf5/commit/267ff9065ba9f42fec05cdcae0caa90536a04392 ?

risicle avatar Jun 06 '21 11:06 risicle

CVE-2020-10811: Included in https://github.com/HDFGroup/hdf5/commit/dafc7285bb1df4a6529a64c215c5de4017016d24 ? Claimed to be the same issue as CVE-2018-14033

risicle avatar Jun 06 '21 11:06 risicle

Hi folks, isn't bd6f3b a fix for CVE-2020-10810? The description in 267ff9 says that it fixes Fix HDFFV-11053 CVE-2020-10810 but it does not change anything in H5AC.c

aniedzielaAnaconda avatar May 19 '23 23:05 aniedzielaAnaconda

These are all fixed in 1.14.3, 1.10.11, and 1.12.3

derobins avatar Sep 05 '23 16:09 derobins

> Hi folks, isn't bd6f3b a fix for CVE-2020-10810? The description in 267ff9 says that it fixes Fix HDFFV-11053 CVE-2020-10810 but it does not change anything in H5AC.c

CVE fixes rarely touch the metadata cache (H5AC). They usually involve fixing the metadata cache clients themselves, particularly when reading malformed files.

derobins avatar Sep 05 '23 16:09 derobins