[FFmpeg-cvslog] Release notes and changelog for 0.5.5
Reinhard Tartler
git at videolan.org
Sun Nov 6 01:51:16 CET 2011
ffmpeg | branch: release/0.5 | Reinhard Tartler <siretart at tauware.de> | Sat Nov 5 12:53:16 2011 +0100| [0f2735e839f33af4fe9e2120f908eb31cdfedc34] | committer: Reinhard Tartler
Release notes and changelog for 0.5.5
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f2735e839f33af4fe9e2120f908eb31cdfedc34
---
Changelog | 11 +++++++++++
RELEASE | 16 ++++++++++++++++
2 files changed, 27 insertions(+), 0 deletions(-)
diff --git a/Changelog b/Changelog
index fbbabc2..173cc00 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,17 @@
Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
+
+version 0.5.5:
+
+- Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504)
+- Fix some crashes with invalid bitstreams in the CAVS decoder
+ (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974)
+- Compilation fixes for gcc-4.6, testsuite now passes again
+- Detect and handle overreads in the MJPEG decoder.
+
+
+
version 0.5.4:
- Fix memory corruption in WMV parsing (addresses CVE-2010-3908)
diff --git a/RELEASE b/RELEASE
index 2f7e2c6..75099ad 100644
--- a/RELEASE
+++ b/RELEASE
@@ -137,3 +137,19 @@ maintenance-only release that addresses several security issues that were
brought to our attention. In detail, fixes for RV30/40, WMV, Vorbis and
VC-1 have been backported from trunk. Distributors and system integrators
are encouraged to update and share their patches against this branch.
+
+
+
+* 0.5.5 Nov 11, 2011
+
+General notes
+-------------
+
+This maintenance-only release addresses several security issues that
+were brought to our attention. In detail, fixes for the MJPEG decoder,
+the CAVS decoder (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974), and the
+Matroska decoder (MSVR11-011/CVE-2011-3504) have been
+corrected. Additional, this release contains fixes for compilation with
+gcc-4.6. Distributors and system integrators are encouraged to update
+and share their patches against this branch.
+
More information about the ffmpeg-cvslog
mailing list