summaryrefslogtreecommitdiffstats
path: root/release_docs/RELEASE.txt
diff options
context:
space:
mode:
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r--release_docs/RELEASE.txt39
1 files changed, 25 insertions, 14 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index c0d5c36..b12068c 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -166,24 +166,11 @@ New Features
Support for new platforms, languages and compilers
==================================================
-
-
-
+
Bug Fixes since HDF5-1.13.3 release
===================================
Library
-------
- - Fix CVE-2021-46242 / GHSA-x9pw-hh7v-wjpf
-
- When evicting driver info block, NULL the corresponding entry.
-
- Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag
- H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing
- the pointer in f->shared->drvinfo will prevent use-after-free when it is
- used in other functions (like H5F__dest()) - as other places will check
- whether the pointer is initialized before using its value.
-
- (EFE - 2022/09/29 GH-2254)
-
- Fix CVE-2018-13867 / GHSA-j8jr-chrh-qfrf
Validate location (offset) of the accumulated metadata when comparing.
@@ -212,6 +199,17 @@ Bug Fixes since HDF5-1.13.3 release
(EFE - 2022/10/09 GH-2233)
+ - CVE-2021-46244 / GHSA-vrxh-5gxg-rmhm
+
+ Compound datatypes may not have members of size 0
+
+ A member size of 0 may lead to an FPE later on as reported in
+ CVE-2021-46244. To avoid this, check for this as soon as the
+ member is decoded.
+
+ (EFE - 2022/10/05 GEH-2242)
+
+
- Fix CVE-2021-45830 / GHSA-5h2h-fjjr-x9m2
Make H5O__fsinfo_decode() more resilient to out-of-bound reads.
@@ -225,6 +223,18 @@ Bug Fixes since HDF5-1.13.3 release
(EFE - 2022/10/05 GH-2228)
+ - Fix CVE-2021-46242 / GHSA-x9pw-hh7v-wjpf
+
+ When evicting driver info block, NULL the corresponding entry.
+
+ Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag
+ H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing
+ the pointer in f->shared->drvinfo will prevent use-after-free when it is
+ used in other functions (like H5F__dest()) - as other places will check
+ whether the pointer is initialized before using its value.
+
+ (EFE - 2022/09/29 GH-2254)
+
- Fix CVE-2021-45833 / GHSA-x57p-jwp6-4v79
Report error if dimensions of chunked storage in data layout < 2
@@ -264,6 +274,7 @@ Bug Fixes since HDF5-1.13.3 release
(EFE - 2022/09/27 HDFFV-10589, GH-2226)
+
Java Library
------------
-