hdf5: 1.10.6 -> 1.10.7 #111313
hdf5: 1.10.6 -> 1.10.7 #111313
Conversation
dotlambda
added
1.severity: security
9.needs: port to stable
|
/rebase-staging |
|
Actually I am not sure if this should go through staging but over 500 rebuilds when hydra has issues seems a bit much. |
github-actions
bot
force-pushed
the
hdf5-1.10.7
branch
from
712540c
to
455ea0d
Compare
|
For security updates one could make an exception and bypass staging. However, nixpkgs-review shows ~900 rebuilds, probably making staging the right call. |
Does anyone know? |
|
Does not fix. https://repology.org/project/hdf5/cves?version=1.12.0 |
Maybe the maintainers can update to a version > 1.12.0 after this is merged. |
|
There is no version > 1.12.0. |
|
Yeah I think it's very unlikely it fixes CVE-2020-10809 - |
|
Looking more broadly, I don't think that CVE has been fixed anywhere, even in hdf |
|
Marking it as insecure will impact a very high number of packages. What should we do? |
|
I opened an upstream issue. I think we should merge this and discuss the remaining CVEs in the issue linked above. |
|
What needs to be done to get this merged? |
|
hdf5 builds locally fine. Note: |
TredwellGit
removed
the
9.needs: port to stable
Motivation for this change
fix CVE-2018-13870, CVE-2018-13869, CVE-2018-17438, and CVE-2018-17435 (see https://github.com/HDFGroup/hdf5/blob/hdf5-1_10_7/release_docs/RELEASE.txt)
I'm not sure if this fixes the vulnerabilities mentioned in #88322.
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)cc @tviti @ttuegel @markuskowa