Patches for CVE-2020-10809 through CVE-2020-10812 #310

Closed
dotlambda opened this issue Feb 4, 2021 · 5 comments
Labels: Component - C Library (Core C library issues, usually in the src directory); Priority - 0. Blocker ⛔ (This MUST be merged for the release to happen); Type - Bug / Bugfix (Please report security issues to help@hdfgroup.org instead of creating an issue on GitHub)

Comments

@dotlambda

I can't find patches for these four CVEs:

Can you help me out?


risicle commented Jun 6, 2021

CVE-2020-10810: 267ff90 ?


risicle commented Jun 6, 2021

CVE-2020-10811: Included in dafc728 ? Claimed to be the same issue as CVE-2018-14033

@epourmal epourmal added the CVE label Jul 28, 2021
@derobins derobins removed the CVE label Mar 3, 2023
@derobins derobins added the labels Priority - 1. High 🔼 (These are important issues that should be resolved in the next release), Component - C Library (Core C library issues, usually in the src directory), and Type - Bug / Bugfix (Please report security issues to help@hdfgroup.org instead of creating an issue on GitHub) on May 4, 2023

aniedzielaAnaconda commented May 19, 2023

Hi folks, isn't bd6f3b a fix for CVE-2020-10810?
The description in 267ff9 says that it fixes Fix HDFFV-11053 CVE-2020-10810 but it does not change anything in H5AC.c

@derobins derobins added the label Priority - 0. Blocker ⛔ (This MUST be merged for the release to happen) and removed the label Priority - 1. High 🔼 (These are important issues that should be resolved in the next release) on Jun 30, 2023
derobins (Member) commented Sep 5, 2023

These are all fixed in 1.14.3, 1.10.11, and 1.12.3

@derobins derobins closed this as completed Sep 5, 2023
derobins (Member) commented Sep 5, 2023

> Hi folks, isn't bd6f3b a fix for CVE-2020-10810? The description in 267ff9 says that it fixes Fix HDFFV-11053 CVE-2020-10810 but it does not change anything in H5AC.c

CVE fixes rarely touch the metadata cache (H5AC). They usually involve fixing the metadata cache clients themselves, particularly when reading malformed files.
