diff options
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r-- | release_docs/RELEASE.txt | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 836d1a1..5ff697c 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -355,14 +355,42 @@ Bug Fixes since HDF5-1.10.3 release (JTH - 2018/08/25, HDFFV-10501) - - There was an incorrect protection against division by zero reported - to The HDF Group as issue #CVE-2018-17233. + - There was missing protection against division by zero reported to + The HDF Group as issue #CVE-2018-17233. Protection against division by zero was added to address the issue #CVE-2018-17233. In addition, several similar occurrences in the same file were fixed as well. - (BMR - 2018/02/26, HDFFV-10577) + (BMR - 2018/12/23, HDFFV-10577) + + - There was missing protection against division by zero reported to + The HDF Group as issue #CVE-2018-17434. + + Protection against division by zero was added to address the issue + #CVE-2018-17434. + + (BMR - 2019/01/29, HDFFV-10586) + + - The issue CVE-2018-17437 was reported to The HDF Group + + Although CVE-2018-17437 reported memory leak, the actual issues + were invalid read. It was found that the attribute name length + in an attribute message was corrupted, which caused the buffer + pointer to be advanced too far and later caused an invalid read. + + A check was added to detect when the attribute name or its length + was corrupted and report the potential of data corruption. + + (BMR - 2019/01/29, HDFFV-10588) + + - H5Ewalk did not stop when it was supposed to + + H5Ewalk was supposed to stop when the callback function stopped + even though the errors in the stack were not all visited, but it + did not. This problem is now fixed. + + (BMR - 2019/01/29, HDFFV-10684) Java Library: |