summaryrefslogtreecommitdiffstats
path: root/release_docs
diff options
context:
space:
mode:
Diffstat (limited to 'release_docs')
-rw-r--r--release_docs/RELEASE.txt50
1 files changed, 48 insertions, 2 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 13c4b5a..72afd84 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -533,6 +533,26 @@ Bug Fixes since HDF5-1.10.1 release
(DER - 2018/02/26, HDFFV-10355)
+ - If an HDF5 file contains a malformed compound datatype with a
+ suitably large offset, the type conversion code can run off
+ the end of the type conversion buffer, causing a segmentation
+ fault.
+
+ This issue was reported to The HDF Group as issue #CVE-2017-17507.
+
+ NOTE: The HDF5 C library cannot produce such a file. This condition
+ should only occur in a corrupt (or deliberately altered) file
+ or a file created by third-party software.
+
+ THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME
+
+ Fixing this problem would involve updating the publicly visible
+ H5T_conv_t function pointer typedef and versioning the API calls
+ which use it. We normally only modify the public API during
+ major releases, so this bug will not be fixed at this time.
+
+ (DER - 2018/02/26, HDFFV-10356)
+
- If an HDF5 file contains a malformed compound type which contains
a member of size zero, a division by zero error will occur while
processing the type.
@@ -548,6 +568,23 @@ Bug Fixes since HDF5-1.10.1 release
(DER - 2018/02/26, HDFFV-10357)
+ - If an HDF5 file contains a malformed symbol table node that declares
+ it contains more symbols than it actually contains, the library
+ can run off the end of the metadata cache buffer while processing
+ the symbol table node.
+
+ This issue was reported to The HDF Group as issue #CVE-2017-17509.
+
+ NOTE: The HDF5 C library cannot produce such a file. This condition
+ should only occur in a corrupt (or deliberately altered) file
+ or a file created by third-party software.
+
+ Performing bounds checks on the buffer while processing fixes the
+ problem. Instead of the segmentation fault, the normal HDF5 error
+ handling is invoked.
+
+ (DER - 2018/03/12, HDFFV-10358)
+
Configuration
-------------
- CMake
@@ -858,11 +895,20 @@ Bug Fixes since HDF5-1.10.1 release
C++ APIs
--------
- -
+ - Removal of memory leaks
+
+ A private function was inadvertently called, causing memory leaks. This
+ is now fixed.
+
+ (BMR - 2018/03/12 - User's reported in email)
Testing
-------
- -
+ - Memory for three variables in testphdf5's coll_write_test was malloced
+ but not freed, leaking memory when running the test. The variables'
+ memory is now freed.
+
+ (LRK - 2018/03/12, HDFFV-10397)
Supported Platforms
===================