- added comment to explain a kluge

- added the associated entry to release notes
author: Binh-Minh Ribler <bmribler@hdfgroup.org> 2020-06-29 19:16:35 (GMT)
committer: Binh-Minh Ribler <bmribler@hdfgroup.org> 2020-06-29 19:16:35 (GMT)
commit: 7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f (patch)
tree: d7fd63ac4d7b78bccbe078af176851e29798f92a /release_docs
parent: 785a1cef0c2ea2d1a179d86e34117ffd73aaa70d (diff)
download: hdf5-7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f.zip
hdf5-7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f.tar.gz
hdf5-7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f.tar.bz2
1 files changed, 9 insertions, 1 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 72cab28..d9267e8 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -631,7 +631,15 @@ Bug Fixes since HDF5-1.10.3 release
 
     Library
     -------
-    - Fixed the decoding of an attribute message to prevent a segfault by h52gif
+    - Fixed CVE-2020-10810
+
+      The tool h5clear produced a segfault during an error recovery in
+      the superblock decoding.  An internal pointer was reset to prevent
+      further accessing when it is not assigned with a value.
+
+      (BMR - 2020/6/29, HDFFV-11053)
+
+    - Fixed CVE-2018-17435
 
       The tool h52gif produced a segfault when the size of an attribute
       message was corrupted and caused a buffer overflow.
author	Binh-Minh Ribler <bmribler@hdfgroup.org>	2020-06-29 19:16:35 (GMT)
committer	Binh-Minh Ribler <bmribler@hdfgroup.org>	2020-06-29 19:16:35 (GMT)
commit	7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f (patch)
tree	d7fd63ac4d7b78bccbe078af176851e29798f92a /release_docs
parent	785a1cef0c2ea2d1a179d86e34117ffd73aaa70d (diff)
download	hdf5-7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f.zip hdf5-7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f.tar.gz hdf5-7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f.tar.bz2