Gilles Filippini · Gilles Filippini · 4b89a1d7 · 4b89a1d7 · 4b89a1d7
--- a/debian/changelog
+++ b/debian/changelog
+hdf5 (1.10.4+repack-2) UNRELEASED; urgency=medium
+
+  * Drop transitional package libhdf5-serial-dev (closes: #878535)
+
+  * Acknowledging fixed CVE in previous releases:
+    - Fixed in upstream release 1.10.2 (closes: #884365):
+      . CVE-2017-17505: NULL pointer dereference in function H5O_pline_decod
+      . CVE-2017-17506: out of bounds read vulnerability in function
+                        H5Opline_pline_decode
+      . CVE-2017-17508: divide-by-zero vulnerability in function H5T_set_loc
+      . CVE-2017-17509: out of bounds write vulnerability in function
+                        H5G__ent_decode_vec
+    - Fixed in upstream release 1.10.3:
+      . CVE-2018-11202: NULL pointer dereference in function
+                        H5S_hyper_make_spans
+      . CVE-2018-11203: division by zero in function H5D__btree_decode_key
+      . CVE-2018-11204: NULL pointer dereference in function
+                        H5O__chunk_deserialize
+      . CVE-2018-11206: out of bound read in functions H5O_fill_new_decode
+                        and H5O_fill_old_decode
+      . CVE-2018-11207: division by zero in function H5D__chunk_init
+
+ -- Gilles Filippini <pini@debian.org>  Thu, 06 Dec 2018 22:43:08 +0100
+
 hdf5 (1.10.4+repack-1) unstable; urgency=medium

  * Upload to unstable

--- a/debian/control
+++ b/debian/control
@@ -211,15 +211,6 @@ Description: Hierarchical Data Format 5 (HDF5) - Runtime tools
 .
 This package contains runtime tools for HDF5.

-Package: libhdf5-serial-dev
-Architecture: all
-Section: oldlibs
-Depends: libhdf5-dev,
-         ${misc:Depends}
-Description: transitional dummy package
- This package is a transitionnal package from libhdf5-serial-dev to
- libhdf5-dev. It can safely be removed.
-
 Package: libhdf5-java
 Architecture: all
 Section: java

--- a/debian/control.in
+++ b/debian/control.in
@@ -211,15 +211,6 @@ Description: Hierarchical Data Format 5 (HDF5) - Runtime tools
 .
 This package contains runtime tools for HDF5.

-Package: libhdf5-serial-dev
-Architecture: all
-Section: oldlibs
-Depends: libhdf5-dev,
-         ${misc:Depends}
-Description: transitional dummy package
- This package is a transitionnal package from libhdf5-serial-dev to
- libhdf5-dev. It can safely be removed.
-
 Package: libhdf5-java
 Architecture: all
 Section: java