diff options
| author | Larry Knox <lrknox@hdfgroup.org> | 2021-06-03 21:07:23 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-06-03 21:07:23 (GMT) |
| commit | 061b23ac0011d3a26f660a7f4d07c40f41d63f10 (patch) | |
| tree | c2e38994fbd770e503266a1dc2390f8b590bdb33 /release_docs/RELEASE.txt | |
| parent | 3b5163fa8170647d99bd00e180651cb7b103ed19 (diff) | |
| download | hdf5-061b23ac0011d3a26f660a7f4d07c40f41d63f10.zip hdf5-061b23ac0011d3a26f660a7f4d07c40f41d63f10.tar.gz hdf5-061b23ac0011d3a26f660a7f4d07c40f41d63f10.tar.bz2 | |
Partial merge issue #642 develop branch PRs to Hdf5 1 10 (#718)
* Revert addition of & to 2 parameters in DSetCreatPropList::setVirtual to
maintain binary compatibility.
* Fix H5Eget_auto2/H5Eauto_is_v2 to not clear error stack (#625)
* Removes gratuitous (double)x.yF casts (#632)
* Committing clang-format changes
* Removes gratuitous (double)x.yF casts
* Committing clang-format changes
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
* Cleans up a const warning left over from previous constification (#633)
* Committing clang-format changes
* Adds consts to a few global variables
* Cleans up a const warning left over from previous constification
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
* Purges UFAIL from the library (#637)
* Committing clang-format changes
* Purges UFAIL from the library
* H5HL_insert change requested in PR
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
* Bmr dev hdffv 11223 (#640)
* Fixed HDFFV-11223 (CVE-2018-14460)
Description
- Added checks against buffer size to prevent segfault, in case of data
corruption, for sdim->size and sdim->max.
- Renamed data files in an existing test to shorten their length
as agreed with other developers previously.
Platforms tested:
Linux/64 (jelly)
* Committing clang-format changes
* Updated for test files
* Updated for HDFFV-11223
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
* Committing clang-format changes
* Restore "error:" in line 2666.
* Revert "Fix H5Eget_auto2/H5Eauto_is_v2 to not clear error stack (#625)"
This reverts commit 426b50484841118cf633fd6147302a63a30fd746.
Co-authored-by: jhendersonHDF <jhenderson@hdfgroup.org>
Co-authored-by: Dana Robinson <43805+derobins@users.noreply.github.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: bmribler <39579120+bmribler@users.noreply.github.com>
Diffstat (limited to 'release_docs/RELEASE.txt')
| -rw-r--r-- | release_docs/RELEASE.txt | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index b5f8f20..a725c63 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -339,7 +339,18 @@ Bug Fixes since HDF5-1.10.7 release =================================== Library ------- - - Fixed CVE-2018-17435 + - Fixed CVE-2018-14460 + + The tool h5repack produced a segfault when the rank in dataspace + message was corrupted, causing invalid read while decoding the + dimension sizes. + + The problem was fixed by ensuring that decoding the dimension sizes + and max values will not go beyong the end of the buffer. + + (BMR - 2021/05/12, HDFFV-11223) + + - Fixed CVE-2018-11206 The tool h5dump produced a segfault when the size of a fill value message was corrupted and caused a buffer overflow. |