From https://github.com/HDFGroup/hdf5/releases/tag/hdf5_1.14.4.2 """ Fixed many CVE issues Many soon-to-be-reported CVE issues were fixed in this release. These are similar to previously reported CVE issues in that they involve file parsing errors that generally result in a segfault. They are usually rated as medium severity by NIST. These issues do not have official CVE numbers yet. With these fixes, HDF5 will once again be CVE-free. """
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e74ef4bd39c13a64422aec66c646b857884727d4 commit e74ef4bd39c13a64422aec66c646b857884727d4 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-04-16 03:33:29 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-04-16 03:34:25 +0000 sci-libs/hdf5: add 1.14.4_p2 Drop LTO filtering as it's fixed upstream. Bug: https://bugs.gentoo.org/922800 Bug: https://bugs.gentoo.org/930089 Signed-off-by: Sam James <sam@gentoo.org> sci-libs/hdf5/Manifest | 1 + ...hat-during-runtime-we-ll-use-the-same-lib.patch | 28 +++++ ...hdf5-1.14.4-0002-Disable-forced-stripping.patch | 31 ++++++ ...-1.14.4-0003-Drop-broken-Werror-stripping.patch | 65 ++++++++++++ sci-libs/hdf5/hdf5-1.14.4_p2.ebuild | 118 +++++++++++++++++++++ 5 files changed, 243 insertions(+)