Added notes about CVE issues.

author: Binh-Minh Ribler <bmribler@hdfgroup.org> 2018-08-14 23:22:10 (GMT)
committer: Binh-Minh Ribler <bmribler@hdfgroup.org> 2018-08-14 23:22:10 (GMT)
commit: 7c2d969e85eac7c72f3a289385b2707ea3e77217 (patch)
tree: 7529e33c18b72303e760b52722fcb8c48dcaf9fe /release_docs
parent: 5647dea421be9dc8429f08632aa72a8a22904292 (diff)
download: hdf5-7c2d969e85eac7c72f3a289385b2707ea3e77217.zip
hdf5-7c2d969e85eac7c72f3a289385b2707ea3e77217.tar.gz
hdf5-7c2d969e85eac7c72f3a289385b2707ea3e77217.tar.bz2
1 files changed, 33 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 96a91b1..5b42f3d 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -205,6 +205,39 @@ Bug Fixes since HDF5-1.10.2 release
 
       (JTH - 2018/08/02, HDFFV-10512)
 
+    - User's patches: CVEs
+
+      The following patches have been applied:
+
+      CVE-2018-11202 - NULL pointer dereference was discovered in
+                       H5S_hyper_make_spans in H5Shyper.c (HDFFV-10476)
+        https://security-tracker.debian.org/tracker/CVE-2018-11202
+        https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11202
+
+      CVE-2018-11203 - A division by zero was discovered in
+                       H5D__btree_decode_key in H5Dbtree.c (HDFFV-10477)
+        https://security-tracker.debian.org/tracker/CVE-2018-11203
+        https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11203
+
+      CVE-2018-11204 - A NULL pointer dereference was discovered in
+                       H5O__chunk_deserialize in H5Ocache.c (HDFFV-10478)
+        https://security-tracker.debian.org/tracker/CVE-2018-11204
+        https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11204
+
+      CVE-2018-11206 - An out of bound read was discovered in
+                       H5O_fill_new_decode and H5O_fill_old_decode in H5Ofill.c
+                       (HDFFV-10480)
+        https://security-tracker.debian.org/tracker/CVE-2018-11206
+        https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11206
+
+      CVE-2018-11207 - A division by zero was discovered in
+                       H5D__chunk_init in H5Dchunk.c  (HDFFV-10481)
+        https://security-tracker.debian.org/tracker/CVE-2018-11207
+        https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2018-11207
+
+      (BMR - 2018/7/22, PR#s: 1134 and 1139,
+       HDFFV-10476, HDFFV-10477, HDFFV-10478, HDFFV-10480, HDFFV-10481)
+
     - H5Adelete
 
       H5Adelete failed when deleting the last "large" attribute that
author	Binh-Minh Ribler <bmribler@hdfgroup.org>	2018-08-14 23:22:10 (GMT)
committer	Binh-Minh Ribler <bmribler@hdfgroup.org>	2018-08-14 23:22:10 (GMT)
commit	7c2d969e85eac7c72f3a289385b2707ea3e77217 (patch)
tree	7529e33c18b72303e760b52722fcb8c48dcaf9fe /release_docs
parent	5647dea421be9dc8429f08632aa72a8a22904292 (diff)
download	hdf5-7c2d969e85eac7c72f3a289385b2707ea3e77217.zip hdf5-7c2d969e85eac7c72f3a289385b2707ea3e77217.tar.gz hdf5-7c2d969e85eac7c72f3a289385b2707ea3e77217.tar.bz2