author: Larry Knox <lrknox@hdfgroup.org> 2018-08-15 12:51:19 (GMT)
committer: Larry Knox <lrknox@hdfgroup.org> 2018-08-17 03:11:21 (GMT)
commit: 3f0655a0a42beaf114c00fbe9cd5e801d59c83b6 (patch)
tree: a240fda78825bd2daa47dab714815271d30e5fb7 /release_docs
parent: 7a7ab1939d03480cf2413bdcfad0a0e5dc59af8d (diff)
Merge pull request #1190 in HDFFV/hdf5 from ~BMRIBLER/hdf5_1_10_3-bmr:hdf5_1_10_3 to hdf5_1_10_3
* commit 'fae6c2fea419eb018414a9eed78a23e133a3660b': Revised entry on CVE issues Added notes about CVE issues
Diffstat (limited to 'release_docs')
-rw-r--r-- release_docs/RELEASE.txt | 34
1 files changed, 34 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index d757ebf..a38ac3a 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -269,6 +269,39 @@ Bug Fixes since HDF5-1.10.2 release
(JTH - 2018/08/02, HDFFV-10512)
+ - User's patches: CVEs
+
+ The following patches have been applied:
+
+ CVE-2018-11202 - NULL pointer dereference was discovered in
+ H5S_hyper_make_spans in H5Shyper.c (HDFFV-10476)
+ https://security-tracker.debian.org/tracker/CVE-2018-11202
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11202
+
+ CVE-2018-11203 - A division by zero was discovered in
+ H5D__btree_decode_key in H5Dbtree.c (HDFFV-10477)
+ https://security-tracker.debian.org/tracker/CVE-2018-11203
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11203
+
+ CVE-2018-11204 - A NULL pointer dereference was discovered in
+ H5O__chunk_deserialize in H5Ocache.c (HDFFV-10478)
+ https://security-tracker.debian.org/tracker/CVE-2018-11204
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11204
+
+ CVE-2018-11206 - An out of bound read was discovered in
+ H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c
+ (HDFFV-10480)
+ https://security-tracker.debian.org/tracker/CVE-2018-11206
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11206
+
+ CVE-2018-11207 - A division by zero was discovered in
+ H5D__chunk_init in H5Dchunk.c (HDFFV-10481)
+ https://security-tracker.debian.org/tracker/CVE-2018-11207
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11207
+
+ (BMR - 2018/7/22, PR#s: 1134 and 1139,
+ HDFFV-10476, HDFFV-10477, HDFFV-10478, HDFFV-10480, HDFFV-10481)
+
- H5Adelete
H5Adelete failed when deleting the last "large" attribute that
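Review bot: All five cve.mitre.org links in the new entry carry "name=3DCVE-2018-112xx", where "=3D" is a quoted-printable encoding of "=" that was left in when the text was pasted, so the query parameter does not name the CVE as written; change each to "name=CVE-2018-112xx". Two smaller consistency points in the same entry: the CVE-2018-11202 line starts "NULL pointer dereference was discovered" while the other four start with "A", and the attribution date "2018/7/22" is not zero-padded like the neighbouring "2018/08/02" and "2018/02/26" entries.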
@@ -349,6 +382,7 @@ Bug Fixes since HDF5-1.10.2 release
(DER - 2018/02/26, HDFFV-10356)
+
Configuration
-------------
- Applied patches to address Cywin build issues
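Review bot: The only change in this hunk is a blank line added ahead of the "Configuration" heading, which is unrelated to the CVE release note; drop it from this commit or confirm that the extra spacing is intended. If this section is being touched anyway, "Cywin" in the context line under the heading looks like a typo for "Cygwin".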