diff options
| author | Sudhir Dumbhare <sudumbha@cisco.com> | 2025-12-08 20:59:14 -0800 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2025-12-11 08:00:53 +0530 |
| commit | e0dbf0bcd38f886ed4c720cdf520d6b04534fee0 (patch) | |
| tree | 21357d11ddc3111cf51ce0b555fea754d50f146d /meta-python/recipes-devtools/python/python3-astor_0.8.1.bb | |
| parent | c223262bd7e275a8518a3524e51ff616cad70aab (diff) | |
| download | meta-openembedded-e0dbf0bcd38f886ed4c720cdf520d6b04534fee0.tar.gz | |
hdf5 1.14.4-3: fix CVE-2025-2912
Upstream Repository: https://github.com/HDFGroup/hdf5.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2912
Type: Security Fix
CVE: CVE-2025-2912
Score: 4.8
Patch: https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a
Analysis:
- CVE-2025-2913 was previously fixed by [1], which is also addresses CVE-2025-2912
as noted in [4].
- NVD [2] references the GitHub discussion [3] for CVE-2025-2912, and we successfully
reproduced the issue following the steps outlined there.
- Applied the fix from [4] and verified resolution using the reproduction steps.
- The same patch [4] is already included in OE-scarthgap [5] for CVE-2025-2913.
- Therefore, reused the patch from [5] to resolve CVE-2025-2912.
References:
[1] https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-2912
[3] https://github.com/HDFGroup/hdf5/issues/5370#issue-2917388806
[4] https://github.com/HDFGroup/hdf5/issues/5370#issuecomment-3542881855
[5] https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/hdf5?h=scarthgap&id=b42e6eb3e51a
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-astor_0.8.1.bb')
0 files changed, 0 insertions, 0 deletions