Report matio issues to primary contact of hdf5 group

[tbeu]

This is due to https://github.com/HDFGroup/hdf5/issues/272 and the recently disclosed issues https://github.com/HDFGroup/hdf5/issues/4350 and https://github.com/HDFGroup/hdf5/issues/4351. Many of the found issues actually address libhdf5. I know that libhdf5 has its own oss-fuzz setup, but I cannot be sure if the reported issues for libmatio are also found there.

@derobins Being primary contact for hdf5 fuzzing report, do you approve?

[github-actions[bot]]

tbeu has previously contributed to projects/matio. The previous PR was #6018

[DonggeLiu]

Thanks @tbeu. I will convert this to a draft for now until @derobins approves.

[tbeu]

@DonggeLiu Feel free to close if there is no response/approval by @derobins.

[derobins]

You can report them to us, but I'm not going to make any promises about debugging issues through 3rd-party software until we've managed to close all of our own oss-fuzz issues. Hopefully, most of your issues will get closed as we work on our oss-fuzz issues over the summer.

[DonggeLiu]

You can report them to us, but I'm not going to make any promises about debugging issues through 3rd-party software until we've managed to close all of our own oss-fuzz issues.

Hi @derobins, we appreciate the effort to maintain the project, and do not require immediate fixes.

Just to clarify: OSS-Fuzz has a 90-day disclosure policy. Would that be acceptable for your situation? Thanks : )

[tbeu]

OK, seems not desired or necessary after all.