From a8942c7413e939344b1244f041b72def191718f2 Mon Sep 17 00:00:00 2001
From: Dana Robinson <43805+derobins@users.noreply.github.com>
Date: Wed, 9 Nov 2022 17:03:55 -0800
Subject: Adds a release note for PR #2210 (CVE-2019-8396) (#2247)

* Adds a release note for PR #2210 (CVE-2019-8396)

* Capitalization issue fixed
---
 release_docs/RELEASE.txt | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 47c9730..1b6999d 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -89,6 +89,17 @@ New Features
 
     Library:
     --------
+    - Fix for CVE-2019-8396
+
+      Malformed HDF5 files may have truncated content which does not match
+      the expected size. When H5O__pline_decode() attempts to decode these it
+      may read past the end of the allocated space leading to heap overflows
+      as bounds checking is incomplete.
+
+      The fix ensures each element is within bounds before reading.
+
+      (2022/11/09 - HDFFV-10712, CVE-2019-8396, GitHub #2209)
+
     - Removal of memory allocation sanity checks feature
 
       This feature added heap canaries and statistics tracking for internal
-- 
cgit v0.12