summaryrefslogtreecommitdiffstats
path: root/release_docs/RELEASE.txt
diff options
context:
space:
mode:
authorLarry Knox <lrknox@hdfgroup.org>2021-10-21 21:08:05 (GMT)
committerGitHub <noreply@github.com>2021-10-21 21:08:05 (GMT)
commitf9a57500cae57d94444db08f636dea209cbdbf56 (patch)
tree169dfb867b6b5d494386916bce511241619eea2d /release_docs/RELEASE.txt
parent76c77a242cd1b092b5d176057b0d4000bebffd13 (diff)
downloadhdf5-f9a57500cae57d94444db08f636dea209cbdbf56.zip
hdf5-f9a57500cae57d94444db08f636dea209cbdbf56.tar.gz
hdf5-f9a57500cae57d94444db08f636dea209cbdbf56.tar.bz2
Add release note for HDFFV-11150 fix. (#1106)
* Add release note for HDFFV-11150 fix. * Add note about gif tool CVEs.
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r--release_docs/RELEASE.txt24
1 files changed, 23 insertions, 1 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 09e0a95..f12fbb8 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -66,7 +66,13 @@ New Features
that default ON/enabled.
Add configure options (autotools - CMake):
- enable-hltools HDF5_BUILD_HL_TOOLS
+ --enable-hltools HDF5_BUILD_HL_TOOLS
+
+ Disabling this option prevents building the gif tool which
+ contains the following CVEs:
+ HDFFV-10592 CVE-2018-17433
+ HDFFV-10593 CVE-2018-17436
+ HDFFV-11048 CVE-2020-10809
(ADB - 2021/09/16, HDFFV-11266)
@@ -1100,6 +1106,14 @@ Bug Fixes since HDF5-1.12.0 release
(ADB - 2021/03/03, #361)
+ - Fixed a segmentation fault
+
+ A segmentation fault occurred with a Mathworks corrupted file.
+
+ A detection of accessing a null pointer was added to prevent the problem.
+
+ (BMR - 2021/02/19, HDFFV-11150)
+
- Fixed issue with MPI communicator and info object not being
copied into new FAPL retrieved from H5F_get_access_plist
@@ -1657,3 +1671,11 @@ The share folder will have the most differences because CMake builds include
a number of CMake specific files for support of CMake's find_package and support
for the HDF5 Examples CMake project.
+The issues with the gif tool are:
+ HDFFV-10592 CVE-2018-17433
+ HDFFV-10593 CVE-2018-17436
+ HDFFV-11048 CVE-2020-10809
+These CVE issues have not yet been addressed and can be avoided by not building
+the gif tool. Disable building the High-Level tools with these options:
+ autotools: --disable-hltools
+ cmake: HDF5_BUILD_HL_TOOLS=OFF