Merge pull request #945 in HDFFV/hdf5 from ~DEROBINS/hdf5_der:hdffv_10358 to develop

* commit 'b877534a330a201e3b5c51d97daa8e01a5c1cd3a':
  Added a fix for HDFFV-10358.

1 files changed, 17 insertions, 0 deletions

diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 1f4a357..e108ed8 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -377,6 +377,23 @@ Bug Fixes since HDF5-1.10.1 release
 
       (DER - 2018/02/26, HDFFV-10357)
 
+    - If an HDF5 file contains a malformed symbol table node that declares
+      it contains more symbols than it actually contains, the library
+      can run off the end of the metadata cache buffer while processing
+      the symbol table node.
+
+      This issue was reported to The HDF Group as issue #CVE-2017-17509.
+
+      NOTE: The HDF5 C library cannot produce such a file. This condition
+            should only occur in a corrupt (or deliberately altered) file
+            or a file created by third-party software.
+
+      Performing bounds checks on the buffer while processing fixes the
+      problem. Instead of the segmentation fault, the normal HDF5 error
+      handling is invoked.
+
+      (DER - 2018/03/12, HDFFV-10358)
+
     Configuration
     -------------
     - CMake