Four CVEs for hdf5 issues fixed in unstable
CVE-2017-17505, CVE-2017-17506, CVE-2017-17508 and CVE-2017-17509 are fixed in upstream release 1.10.2.
https://confluence.hdfgroup.org/display/support/HDF5+1.10.2
And thus included in the 1.10.4+repack-1 upload to unstable.

For CVE-2017-17507 upstream does not plan to fix the bug:

- If an HDF5 file contains a malformed compound datatype with a suitably large offset, the type conversion code can run off the end of the type conversion buffer, causing a segmentation fault. This issue was reported to The HDF Group as issue #CVE-2017-17507.

https://security-tracker.debian.org/tracker/CVE-2017-17506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17506

NOTE: The HDF5 C library cannot produce such a file. This condition should only occur in a corrupt (or deliberately altered) file or a file created by third-party software.

THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME

Fixing this problem would involve updating the publicly visible H5T_conv_t function pointer typedef and versioning the API calls which use it. We normally only modify the public API during major releases, so this bug will not be fixed at this time.

(DER - 2018/02/26, HDFFV-10356)