[FFmpeg-cvslog] Release notes and changelog for 0.5.6
Reinhard Tartler
git at videolan.org
Sun Dec 25 20:30:03 CET 2011
ffmpeg | branch: release/0.5 | Reinhard Tartler <siretart at tauware.de> | Sun Dec 25 09:55:45 2011 +0100| [d0688fdd3101d900a3e3aac4e36bf7ef1eae01ad] | committer: Reinhard Tartler
Release notes and changelog for 0.5.6
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0688fdd3101d900a3e3aac4e36bf7ef1eae01ad
---
Changelog | 16 ++++++++++++++++
RELEASE | 17 +++++++++++++++++
2 files changed, 33 insertions(+), 0 deletions(-)
diff --git a/Changelog b/Changelog
index 173cc00..1d9eb79 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,22 @@ Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
+version 0.5.6:
+- svq1dec: call avcodec_set_dimensions() after dimensions changed. (NGS00148, CVE-2011-4579)
+- vmd: fix segfaults on corruped streams (CVE-2011-4364)
+- commits related to CVE-2011-4353:
+ - vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling
+ - Plug some memory leaks in the VP6 decoder
+ - vp6: Reset the internal state when aborting key frames header parsing
+ - vp6: Fix illegal read.
+ - vp6: Fix illegal read.
+ - Fix out of bound reads in the QDM2 decoder.
+- commits related to CVE-2011-4351:
+ - Check for out of bound writes in the QDM2 decoder.
+ - qdm2: check output buffer size before decoding
+ - Fix qdm2 decoder packet handling to match the api
+
+
version 0.5.5:
- Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504)
diff --git a/RELEASE b/RELEASE
index 75099ad..364a327 100644
--- a/RELEASE
+++ b/RELEASE
@@ -153,3 +153,20 @@ corrected. Additional, this release contains fixes for compilation with
gcc-4.6. Distributors and system integrators are encouraged to update
and share their patches against this branch.
+
+
+* 0.5.6 Dec 25, 2011
+
+General notes
+-------------
+
+This maintenance-only release addresses several security issues that
+were brought to our attention. In details, it features fixes for the
+QDM2 decoder (CVE-2011-4351), DoS in the VP5/VP6 decoders
+(CVE-2011-4353), and a buffer overflow in the Sierra VMD decoder
+CVE-2011-4364, and a safety fix in the SVQ1 decoder (CVE-2011-4579).
+CVE-2011-4352, a bug in the VP3 decoder, is not known to affect this
+release.
+
+Distributors and system integrators are encouraged to update and share
+their patches against this branch.
More information about the ffmpeg-cvslog
mailing list