Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r-- release_docs/RELEASE.txt 13
1 files changed, 13 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 48fcc3b..bc04d93 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -172,6 +172,18 @@ Bug Fixes since HDF5-1.13.3 release
===================================
Library
-------
+ - Fix CVE-2021-45830 / GHSA-5h2h-fjjr-x9m2
+
+ Make H5O__fsinfo_decode() more resilient to out-of-bound reads.
+
+ When decoding a file space info message in H5O__fsinfo_decode() make
+ sure each element to be decoded is still within the message. Malformed
+ hdf5 files may have trunkated content which does not match the
+ expected size. Checking this will prevent attempting to decode
+ unrelated data and heap overflows. So far, only free space manager
+ address data was checked before decoding.
+
+ (EFE - 2022/10/05 GH-2228)
- Fix CVE-2018-17439 / GHSA-vcxv-vp43-rch7
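Review bot: The new CVE-2021-45830 entry names the defect two different ways: the summary line says "out-of-bound reads" while the body says the check prevents "heap overflows". Please pick one term so readers triaging the CVE know whether this is a read past the end of the message buffer or a write; if it is the read described in the summary, wording such as "prevents decoding unrelated data and reading past the end of the message buffer" removes the ambiguity in "attempting to decode unrelated data and heap overflows". In the same paragraph, "trunkated" should be "truncated" and "hdf5 files" should be "HDF5 files" to match the section heading. The last sentence ("So far, only free space manager address data was checked") would also read more clearly as "Previously, only ...", since after this change it no longer describes the current behaviour.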
@@ -185,6 +197,7 @@ Bug Fixes since HDF5-1.13.3 release
(EFE - 2022/09/27 HDFFV-10589, GH-2226)
+
Java Library
------------
-