summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBinh-Minh Ribler <bmribler@hdfgroup.org>2018-08-15 04:05:47 (GMT)
committerBinh-Minh Ribler <bmribler@hdfgroup.org>2018-08-15 04:05:47 (GMT)
commit8e92fd2b3608649b6b4b14bd31220bda88771cd7 (patch)
tree7529e33c18b72303e760b52722fcb8c48dcaf9fe
parent5647dea421be9dc8429f08632aa72a8a22904292 (diff)
parent7c2d969e85eac7c72f3a289385b2707ea3e77217 (diff)
downloadhdf5-8e92fd2b3608649b6b4b14bd31220bda88771cd7.zip
hdf5-8e92fd2b3608649b6b4b14bd31220bda88771cd7.tar.gz
hdf5-8e92fd2b3608649b6b4b14bd31220bda88771cd7.tar.bz2
Merge pull request #1192 in HDFFV/hdf5 from ~BMRIBLER/hdf5_bmr_cpp4:develop to develop
Add CVE issues. * commit '7c2d969e85eac7c72f3a289385b2707ea3e77217': Added notes about CVE issues.
-rw-r--r--release_docs/RELEASE.txt33
1 files changed, 33 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 96a91b1..5b42f3d 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -205,6 +205,39 @@ Bug Fixes since HDF5-1.10.2 release
(JTH - 2018/08/02, HDFFV-10512)
+ - User's patches: CVEs
+
+ The following patches have been applied:
+
+ CVE-2018-11202 - NULL pointer dereference was discovered in
+ H5S_hyper_make_spans in H5Shyper.c (HDFFV-10476)
+ https://security-tracker.debian.org/tracker/CVE-2018-11202
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11202
+
+ CVE-2018-11203 - A division by zero was discovered in
+ H5D__btree_decode_key in H5Dbtree.c (HDFFV-10477)
+ https://security-tracker.debian.org/tracker/CVE-2018-11203
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11203
+
+ CVE-2018-11204 - A NULL pointer dereference was discovered in
+ H5O__chunk_deserialize in H5Ocache.c (HDFFV-10478)
+ https://security-tracker.debian.org/tracker/CVE-2018-11204
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11204
+
+ CVE-2018-11206 - An out of bound read was discovered in
+ H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c
+ (HDFFV-10480)
+ https://security-tracker.debian.org/tracker/CVE-2018-11206
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11206
+
+ CVE-2018-11207 - A division by zero was discovered in
+ H5D__chunk_init in H5Dchunk.c (HDFFV-10481)
+ https://security-tracker.debian.org/tracker/CVE-2018-11207
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11207
+
+ (BMR - 2018/7/22, PR#s: 1134 and 1139,
+ HDFFV-10476, HDFFV-10477, HDFFV-10478, HDFFV-10480, HDFFV-10481)
+
- H5Adelete
H5Adelete failed when deleting the last "large" attribute that