diff options
| author | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2020-07-07 17:49:24 (GMT) |
|---|---|---|
| committer | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2020-07-07 17:49:24 (GMT) |
| commit | 0cff7d03f8b8f7889be71ac2115b2835f3cd26d2 (patch) | |
| tree | 4f92d9bd0dc4430e586a1ce7ab937059a0229a8c /release_docs/RELEASE.txt | |
| parent | 37f6de1b3037a2b7a569c2edb08f58f8ba323af0 (diff) | |
| parent | bf3ef96e9d5a28e824d7e89b5af590b61f530944 (diff) | |
| download | hdf5-0cff7d03f8b8f7889be71ac2115b2835f3cd26d2.zip hdf5-0cff7d03f8b8f7889be71ac2115b2835f3cd26d2.tar.gz hdf5-0cff7d03f8b8f7889be71ac2115b2835f3cd26d2.tar.bz2 | |
Merge pull request #2675 in HDFFV/hdf5 from bmr_HDFFV-10591-v110 to hdf5_1_10
Fixed HDFFV-10591 (CVE-2018-17435)
* commit 'bf3ef96e9d5a28e824d7e89b5af590b61f530944':
Fix HDFFV-10591
Diffstat (limited to 'release_docs/RELEASE.txt')
| -rw-r--r-- | release_docs/RELEASE.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index ab601f5..85359cd 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -317,6 +317,18 @@ Bug Fixes since HDF5-1.10.5 release Library ------- + - Fixed CVE-2018-17435 + + The tool h52gif produced a segfault when the size of an attribute + message was corrupted and caused a buffer overflow. + + The problem was fixed by verifying the attribute message's size + against the buffer size before accessing the buffer. h52gif was + also fixed to display the failure instead of silently exiting + after the segfault was eliminated. + + (BMR - 2020/6/19, HDFFV-10591) + - Improved peformance when creating a large number of small datasets by retrieving default property values from the API context instead of doing skip list searches. |