Your message dated Sun, 04 Jan 2026 13:52:52 +0000
with message-id <[email protected]>
and subject line Bug#1117607: fixed in debian-security-support 1:13+2026.01.04
has caused the Debian Bug report #1117607,
regarding debian-security-support: Mark hdf5 with limited support
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1117607: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117607
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debian-security-support
Severity: normal
X-Debbugs-Cc: Debian Security Team <[email protected]>,
[email protected]
I propose to mark hdf5 as limited support in Debian 11 (bullseye).
# Package Description
Hierarchical Data Format 5 (HDF5) is a file format and library for
storing scientific data. HDF5 was designed and implemented to address
the deficiencies of HDF4.x. It has a more powerful and flexible data
model, supports files larger than 2 GB, and supports parallel I/O.
# Obstacles Preventing Continued Support
Upstream does not seem to support security updates of older releases.
There are tags of the 1.10 series in bullseye up to 1.10.11 but they
contain a lot of changes all over the place, like reformatting, adding
new functionality and behavior changes. So uploading a new upstream
version seems too risky. On the other hand the upstream git has no clear
commits of the security patches. They are often committed in bulk and
then partly reverted due to regressions and later committed again,
probably due to other commits in between fixing the regressions. There
is https://github.com/HDFGroup/cve_hdf5.git which allows easy testing of
the CVEs and I tried cherry-picking some commits but it resulted in
different tests failing.
# Proposed entry for security-support.deb11
hdf5 limited Not covered by security support, only suitable for trusted
content, see -1
--- End Message ---
--- Begin Message ---
Source: debian-security-support
Source-Version: 1:13+2026.01.04
Done: Holger Levsen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
debian-security-support, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <[email protected]> (supplier of updated debian-security-support
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 04 Jan 2026 13:09:01 +0100
Source: debian-security-support
Architecture: source
Version: 1:13+2026.01.04
Distribution: trixie
Urgency: medium
Maintainer: Debian Security Team <[email protected]>
Changed-By: Holger Levsen <[email protected]>
Closes: 1117607 1118273 1124558
Changes:
debian-security-support (1:13+2026.01.04) trixie; urgency=medium
.
[ Holger Levsen ]
* deb13: mark wpewebkit as unsupported. Closes: #1118273.
.
[ Jochen Sprickerhof ]
* deb13+12+11: mark hdf5 as limited supported. Closes: 1117607.
.
[ Moritz Muehlenhoff ]
* deb13+12: mark zabbix as limited support. Closes: #1124558.
Checksums-Sha1:
e2ac8c24a5fa4fe783ef21516707c66312f64ba7 1975
debian-security-support_13+2026.01.04.dsc
b086154b6a6111f671a80422bcee5515954c382a 37800
debian-security-support_13+2026.01.04.tar.xz
3d3553ba10426740861509697a293b5bb7131aaf 7194
debian-security-support_13+2026.01.04_source.buildinfo
Checksums-Sha256:
14340d28735bcb12f84bbac2cb7a2d15da82ea4fed8dc53ea99c2cc4f88f9f16 1975
debian-security-support_13+2026.01.04.dsc
74dbf543703b36c097bdb3e0a36a3da59bd2962c1c7130096370a54d1292eb0d 37800
debian-security-support_13+2026.01.04.tar.xz
3a5ba3b463bfb68ec2c464e798460467a95349019e09eeb59b89085573245351 7194
debian-security-support_13+2026.01.04_source.buildinfo
Files:
a963f20e040ed6e100fe31ac073cc780 1975 admin optional
debian-security-support_13+2026.01.04.dsc
4f72aa725017fd5a0d1a3e737269de2f 37800 admin optional
debian-security-support_13+2026.01.04.tar.xz
c762fc9d3fdbc1deba57ab5f35c4731b 7194 admin optional
debian-security-support_13+2026.01.04_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmlaWusACgkQCRq4Vgaa
qhwiBxAAorIVuGYVKKTzYmyQGVi6fUnGdHmLq7YOxJwyNEcwl2W92LKRSXjPoo9+
KTEk6hR97tZNxDCuxtq1cFu6zGveeG6a3Aq+xtAtOFC3Q/uH7cPdoD4iWZJm6sdt
luybEUiYhzCfyu2cXXFocVr0Q1pC5LHQbfVtaRBLt3oxiQBk+QVf41AiZ35SIH6p
D8Jj3nq0cXlKj/TBLrq6ebsgM6K7Z12lIxEJn2YXmsPyPezhgr1Ph5N4/nBh0VN6
FvlueOP7NkdafjZOWwb/4Hktx0f+i0y/eYPGAoDmPUV35e/1ltpbm3c1BAYLxdiJ
Te3UIf78+SFR1SlX0NujVNMUTmBIOAmEYkBju50XDIj+MzV23APWrMmbGazRtYTP
KFWXyCwwDWlKFVveQ4T9NVbEqIPOHM9xIBOz3ZrW8DRcX2v6NPSkkA3aP8C6WQk0
9Yzw1cjzb3BbermbqW7I41bKLCZdmVc6gPfAysQak1srvf7SYkOVLvnAVXH+oa2B
Ex5LRRkfF4PbFTTqLpJtYZUN58feyDNPZF+mpJJYnweyLUH9FWWrz1rkkOjIehkn
/6+PVpTHtS22N5lqlcinMIt+dJYcZDnosU5k8BtNwTa4bGH4lzCUpwxVP0xu4vSb
Y7eHMnZ7SZhc2azYDi3oy9QUgKqXHqet1H0Hzd8dGNgoWCECzN4=
=ZB/I
-----END PGP SIGNATURE-----
pgpQ8IPpV2aG4.pgp
Description: PGP signature
--- End Message ---
