diff options
author | Larry Knox <lrknox@hdfgroup.org> | 2021-10-21 21:08:05 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-21 21:08:05 (GMT) |
commit | f9a57500cae57d94444db08f636dea209cbdbf56 (patch) | |
tree | 169dfb867b6b5d494386916bce511241619eea2d | |
parent | 76c77a242cd1b092b5d176057b0d4000bebffd13 (diff) | |
download | hdf5-f9a57500cae57d94444db08f636dea209cbdbf56.zip hdf5-f9a57500cae57d94444db08f636dea209cbdbf56.tar.gz hdf5-f9a57500cae57d94444db08f636dea209cbdbf56.tar.bz2 |
Add release note for HDFFV-11150 fix. (#1106)
* Add release note for HDFFV-11150 fix.
* Add note about gif tool CVEs.
-rw-r--r-- | release_docs/RELEASE.txt | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 09e0a95..f12fbb8 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -66,7 +66,13 @@ New Features that default ON/enabled. Add configure options (autotools - CMake): - enable-hltools HDF5_BUILD_HL_TOOLS + --enable-hltools HDF5_BUILD_HL_TOOLS + + Disabling this option prevents building the gif tool which + contains the following CVEs: + HDFFV-10592 CVE-2018-17433 + HDFFV-10593 CVE-2018-17436 + HDFFV-11048 CVE-2020-10809 (ADB - 2021/09/16, HDFFV-11266) @@ -1100,6 +1106,14 @@ Bug Fixes since HDF5-1.12.0 release (ADB - 2021/03/03, #361) + - Fixed a segmentation fault + + A segmentation fault occurred with a Mathworks corrupted file. + + A detection of accessing a null pointer was added to prevent the problem. + + (BMR - 2021/02/19, HDFFV-11150) + - Fixed issue with MPI communicator and info object not being copied into new FAPL retrieved from H5F_get_access_plist @@ -1657,3 +1671,11 @@ The share folder will have the most differences because CMake builds include a number of CMake specific files for support of CMake's find_package and support for the HDF5 Examples CMake project. +The issues with the gif tool are: + HDFFV-10592 CVE-2018-17433 + HDFFV-10593 CVE-2018-17436 + HDFFV-11048 CVE-2020-10809 +These CVE issues have not yet been addressed and can be avoided by not building +the gif tool. Disable building the High-Level tools with these options: + autotools: --disable-hltools + cmake: HDF5_BUILD_HL_TOOLS=OFF |