1 files changed, 48 insertions, 2 deletions

diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 13c4b5a..72afd84 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -533,6 +533,26 @@ Bug Fixes since HDF5-1.10.1 release
 
       (DER - 2018/02/26, HDFFV-10355)
 
+    - If an HDF5 file contains a malformed compound datatype with a
+      suitably large offset, the type conversion code can run off
+      the end of the type conversion buffer, causing a segmentation
+      fault.
+
+      This issue was reported to The HDF Group as issue #CVE-2017-17507.
+
+      NOTE: The HDF5 C library cannot produce such a file. This condition
+            should only occur in a corrupt (or deliberately altered) file
+            or a file created by third-party software.
+
+      THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME
+
+      Fixing this problem would involve updating the publicly visible
+      H5T_conv_t function pointer typedef and versioning the API calls
+      which use it. We normally only modify the public API during
+      major releases, so this bug will not be fixed at this time.
+
+      (DER - 2018/02/26, HDFFV-10356)
+
     - If an HDF5 file contains a malformed compound type which contains
       a member of size zero, a division by zero error will occur while
       processing the type.
@@ -548,6 +568,23 @@ Bug Fixes since HDF5-1.10.1 release
 
       (DER - 2018/02/26, HDFFV-10357)
 
+    - If an HDF5 file contains a malformed symbol table node that declares
+      it contains more symbols than it actually contains, the library
+      can run off the end of the metadata cache buffer while processing
+      the symbol table node.
+
+      This issue was reported to The HDF Group as issue #CVE-2017-17509.
+
+      NOTE: The HDF5 C library cannot produce such a file. This condition
+            should only occur in a corrupt (or deliberately altered) file
+            or a file created by third-party software.
+
+      Performing bounds checks on the buffer while processing fixes the
+      problem. Instead of the segmentation fault, the normal HDF5 error
+      handling is invoked.
+
+      (DER - 2018/03/12, HDFFV-10358)
+
     Configuration
     -------------
     - CMake
@@ -858,11 +895,20 @@ Bug Fixes since HDF5-1.10.1 release
 
     C++ APIs
     --------
-    -
+    - Removal of memory leaks
+
+      A private function was inadvertently called, causing memory leaks.  This
+      is now fixed.
+
+      (BMR - 2018/03/12 - User's reported in email)
 
     Testing
     -------
-    -
+    - Memory for three variables in testphdf5's coll_write_test was malloced 
+      but not freed, leaking memory when running the test.  The variables' 
+      memory is now freed.
+
+      (LRK - 2018/03/12, HDFFV-10397)
 
 Supported Platforms
 ===================