summaryrefslogtreecommitdiffstats
path: root/Demo
diff options
context:
space:
mode:
authorBenjamin Peterson <benjamin@python.org>2020-04-19 21:13:39 (GMT)
committerBenjamin Peterson <benjamin@python.org>2020-04-19 21:13:39 (GMT)
commit8d21aa21f2cbc6d50aab3f420bb23be1d081dac4 (patch)
tree8133f47ade097d9fa33954a0211ea16b9088bfd3 /Demo
parent8323757381eb3f9dbe5b98edd59bfb4a6d80b493 (diff)
downloadcpython-2.7.zip
cpython-2.7.tar.gz
cpython-2.7.tar.bz2
Add empty 2.7.18 NEWS file.v2.7.182.7
Diffstat (limited to 'Demo')
0 files changed, 0 insertions, 0 deletions
generated by cgit v0.12 at 2026-03-04 11:30:30 (GMT)
e='loricooperhdf-patch-1'>loricooperhdf-patch-1 Mirror from: https://github.com/HDFGroup/hdf5.git
summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Make H5O__fsinfo_decode() more resilient to out-of-bound reads. (#2229)Egbert Eich2022-11-112-3/+26
| | | | | | | | | | | | | | | | When decoding a file space info message in H5O__fsinfo_decode() make sure each element to be decoded is still within the message. Malformed hdf5 files may have trunkated content which does not match the expected size. Checking this will prevent attempting to decode unrelated data and heap overflows. So far, only free space manager address data was checked before decoding. This fixes CVE-2021-45830 / Bug #2228. Signed-off-by: Egbert Eich <eich@suse.com> Additions Co-authored-by: Larry Knox <lrknox@hdfgroup.org>
* H5IMget_image_info(): Make sure to not exceed local array size (#2227)Egbert Eich2022-11-112-2/+14
| | | | | | | | | | | | | Malformed hdf5 files may provide more dimensions than the array dim[] in H5IMget_image_info() is able to hold. Check number of elements first by calling H5Sget_simple_extent_dims() with NULL for both 'dims' and 'maxdims' arguments. This will cause the function to return only the number of dimensions. The fix addresse a stack overflow on write. This fixes CVE-2018-17439 / HDFFV-10589 / Bug #2226. Signed-off-by: Egbert Eich <eich@suse.com> Signed-off-by: Egbert Eich <eich@suse.com>
* removed uninterpretable line (#2249)Scot Breitenfeld2022-11-111-1/+1
|
* Adds a release note for PR #2210 (CVE-2019-8396) (#2247)Dana Robinson2022-11-101-0/+11
| | | | | * Adds a release note for PR #2210 (CVE-2019-8396) * Capitalization issue fixed
* Removes MPE instrumentation support. (#2245)Dana Robinson2022-11-09