diff options
Diffstat (limited to 'release_docs/RELEASE.txt')
| -rw-r--r-- | release_docs/RELEASE.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index e3cfd08..77a0d8b 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -283,6 +283,18 @@ Bug Fixes since HDF5-1.14.0 release =================================== Library ------- + - Fixed an assertion in a previous fix for CVE-2016-4332 + + An assert could fail when processing corrupt files that have invalid + shared message flags (as in CVE-2016-4332). + + The assert statement in question has been replaced with pointer checks + that don't raise errors. Since the function is in cleanup code, we do + our best to close and free things, even when presented with partially + initialized structs. + + Fixes CVE-2016-4332 and HDFFV-9950 (confirmed via the cve_hdf5 repo) + - Fixed a file space allocation bug in the parallel library for chunked datasets |