Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1265250

Bug#1117607: debian-security-support: Mark hdf5 with limited support

From Jochen Sprickerhof <jspricke@debian.org>
Newsgroups linux.debian.bugs.dist
Subject Bug#1117607: debian-security-support: Mark hdf5 with limited support
Date 2025-10-08 17:00 +0200
Message-ID <LDDO2-3G33-9@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

Package: debian-security-support
Severity: normal
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>, hdf5@packages.debian.org

I propose to mark hdf5 as limited support in Debian 11 (bullseye).

# Package Description

Hierarchical Data Format 5 (HDF5) is a file format and library for
storing scientific data. HDF5 was designed and implemented to address
the deficiencies of HDF4.x. It has a more powerful and flexible data
model, supports files larger than 2 GB, and supports parallel I/O.

# Obstacles Preventing Continued Support

Upstream does not seem to support security updates of older releases.
There are tags of the 1.10 series in bullseye up to 1.10.11 but they
contain a lot of changes all over the place, like reformatting, adding
new functionality and behavior changes. So uploading a new upstream
version seems too risky. On the other hand the upstream git has no clear
commits of the security patches. They are often committed in bulk and
then partly reverted due to regressions and later committed again,
probably due to other commits in between fixing the regressions. There
is https://github.com/HDFGroup/cve_hdf5.git which allows easy testing of
the CVEs and I tried cherry-picking some commits but it resulted in
different tests failing.

# Proposed entry for security-support.deb11

hdf5  limited  Not covered by security support, only suitable for trusted content, see -1

Back to linux.debian.bugs.dist | Previous | NextNext in thread | Find similar

Thread

Bug#1117607: debian-security-support: Mark hdf5 with limited support Jochen Sprickerhof <jspricke@debian.org> - 2025-10-08 17:00 +0200
  Bug#1117607: debian-security-support: Mark hdf5 with limited support Holger Levsen <holger@layer-acht.org> - 2025-10-08 20:00 +0200
    Bug#1117607: debian-security-support: Mark hdf5 with limited support Jochen Sprickerhof <jspricke@debian.org> - 2025-10-08 20:50 +0200
      Bug#1117607: debian-security-support: Mark hdf5 with limited support Moritz Mühlenhoff <jmm@inutil.org> - 2025-10-08 23:20 +0200
        Bug#1117607: debian-security-support: Mark hdf5 with limited support Holger Levsen <holger@layer-acht.org> - 2025-10-09 10:10 +0200
          Bug#1117607: debian-security-support: Mark hdf5 with limited support Moritz Mühlenhoff <jmm@inutil.org> - 2025-10-09 20:50 +0200
            Bug#1117607: debian-security-support: Mark hdf5 with limited support Holger Levsen <holger@layer-acht.org> - 2025-10-10 10:50 +0200

csiph-web