Merge pull request #1054 in HDFFV/hdf5 from ~DEROBINS/hdf5_der:hdf5_1_8 to hdf5_1_8

* commit '2636f401ba236e99adda4cc50fb89bebbe0b73fd':
  Moved a fix for HDFFV-10358 (CVE-2017-17509) from develop to 1.8.

1 files changed, 17 insertions, 0 deletions

diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 30b148a..ad06d40 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -209,6 +209,23 @@ Bug Fixes since HDF5-1.8.20
 
       (DER - 2018/02/26, HDFFV-10357)
 
+    - If an HDF5 file contains a malformed symbol table node that declares
+      it contains more symbols than it actually contains, the library
+      can run off the end of the metadata cache buffer while processing
+      the symbol table node.
+
+      This issue was reported to The HDF Group as issue #CVE-2017-17509.
+
+      NOTE: The HDF5 C library cannot produce such a file. This condition
+            should only occur in a corrupt (or deliberately altered) file
+            or a file created by third-party software.
+
+      Performing bounds checks on the buffer while processing fixes the
+      problem. Instead of the segmentation fault, the normal HDF5 error
+      handling is invoked.
+
+      (DER - 2018/03/12, HDFFV-10358)
+
     Configuration
     -------------
     - CMake