Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 930089

Summary: sci-libs/hdf5: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: sci
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-04-16 03:34:20 UTC
Fixed many CVE issues

Many soon-to-be-reported CVE issues were fixed in this release. These are
similar to previously reported CVE issues in that they involve file parsing
errors that generally result in a segfault. They are usually rated as
medium severity by NIST. These issues do not have official CVE numbers yet.

With these fixes, HDF5 will once again be CVE-free.
Comment 1 Larry the Git Cow gentoo-dev 2024-04-16 03:34:56 UTC
The bug has been referenced in the following commit(s):

commit e74ef4bd39c13a64422aec66c646b857884727d4
Author:     Sam James <>
AuthorDate: 2024-04-16 03:33:29 +0000
Commit:     Sam James <>
CommitDate: 2024-04-16 03:34:25 +0000

    sci-libs/hdf5: add 1.14.4_p2
    Drop LTO filtering as it's fixed upstream.
    Signed-off-by: Sam James <>

 sci-libs/hdf5/Manifest                             |   1 +
 ...hat-during-runtime-we-ll-use-the-same-lib.patch |  28 +++++
 ...hdf5-1.14.4-0002-Disable-forced-stripping.patch |  31 ++++++
 ...-1.14.4-0003-Drop-broken-Werror-stripping.patch |  65 ++++++++++++
 sci-libs/hdf5/hdf5-1.14.4_p2.ebuild                | 118 +++++++++++++++++++++
 5 files changed, 243 insertions(+)