summaryrefslogtreecommitdiffstats
path: root/release_docs
diff options
context:
space:
mode:
Diffstat (limited to 'release_docs')
-rw-r--r--release_docs/RELEASE.txt20
1 files changed, 20 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 0d3c2a5..242d3e6 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -707,6 +707,26 @@ Bug Fixes since HDF5-1.12.0 release
===================================
Library
-------
+ - Fixed CVE-2018-17435
+
+ The tool h5dump produced a segfault when the size of a fill value
+ message was corrupted and caused a buffer overflow.
+
+ The problem was fixed by verifying the fill value's size
+ against the buffer size before attempting to access the buffer.
+
+ (BMR - 2021/03/15, HDFFV-10480)
+
+ - Fixed CVE-2018-14033 (same issue as CVE-2020-10811)
+
+ The tool h5dump produced a segfault when the storage size message
+ was corrupted and caused a buffer overflow.
+
+ The problem was fixed by verifying the storage size against the
+ buffer size before attempting to access the buffer.
+
+ (BMR - 2021/03/15, HDFFV-11159/HDFFV-11049)
+
- Remove underscores on header file guards
Header file guards used a variety of underscores at the beginning of the define.