mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-15 06:10:02 +00:00
Sudhir Dumbhare
e0dbf0bcd3
Upstream Repository: https://github.com/HDFGroup/hdf5.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2912 Type: Security Fix CVE: CVE-2025-2912 Score: 4.8 Patch: https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a Analysis: - CVE-2025-2913 was previously fixed by [1], which is also addresses CVE-2025-2912 as noted in [4]. - NVD [2] references the GitHub discussion [3] for CVE-2025-2912, and we successfully reproduced the issue following the steps outlined there. - Applied the fix from [4] and verified resolution using the reproduction steps. - The same patch [4] is already included in OE-scarthgap [5] for CVE-2025-2913. - Therefore, reused the patch from [5] to resolve CVE-2025-2912. References: [1] https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a [2] https://nvd.nist.gov/vuln/detail/CVE-2025-2912 [3] https://github.com/HDFGroup/hdf5/issues/5370#issue-2917388806 [4] https://github.com/HDFGroup/hdf5/issues/5370#issuecomment-3542881855 [5] https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/hdf5?h=scarthgap&id=b42e6eb3e51a Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>