[FFmpeg-cvslog] Release notes and changelog for 0.5.7

Reinhard Tartler git at videolan.org
Fri May 11 22:33:53 CEST 2012


ffmpeg | branch: release/0.5 | Reinhard Tartler <siretart at tauware.de> | Thu May 10 20:15:51 2012 +0200| [79fbcd9f0342823414793bdf09adafd7dd0872eb] | committer: Reinhard Tartler

Release notes and changelog for 0.5.7

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=79fbcd9f0342823414793bdf09adafd7dd0872eb
---

 Changelog |   14 ++++++++++++++
 RELEASE   |   16 ++++++++++++++++
 2 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/Changelog b/Changelog
index 89903eb..c5c5d31 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,20 @@ Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
 
+version 0.5.8:
+
+- id3v2: fix skipping extended header in id3v2.4
+- nsvdec: Several bugfixes related to CVE-2011-3940
+- dv: check stype
+- dv: Fix null pointer dereference due to ach=0
+- dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
+- atrac3: Fix crash in tonal component decoding, fixes CVE-2012-0853
+- mjpegbdec: Fix overflow in SOS, fixes CVE-2011-3947
+- motionpixels: Clip YUV values after applying a gradient.
+- vqavideo: return error if image size is not a multiple of block size,
+  fixes CVE-2012-0947.
+
+
 version 0.5.7:
 - vorbis: An additional defense in the Vorbis codec. (CVE-2011-3895)
 - vorbisdec: Fix decoding bug with channel handling.
diff --git a/RELEASE b/RELEASE
index e68779b..7c0086c 100644
--- a/RELEASE
+++ b/RELEASE
@@ -187,3 +187,19 @@ demuxer (CVE-2011-3893 and CVE-2011-3895).
 Distributors and system integrators are encouraged
 to update and share their patches against this branch.  For a full list
 of changes please see the Changelog file.
+
+* 0.5.8 May 10, 2012
+
+General notes
+-------------
+
+This maintenance-only release that addresses a number a number of
+security issues that have been brought to our attention. Among other
+(rather minor) fixes, this release features fixes for the DV decoder
+(CVE-2011-3929 and CVE-2011-3936), nsvdec (CVE-2011-3940), Atrac3
+(CVE-2012-0853), mjpegdec (CVE-2011-3947) and the VQA video decoder
+(CVE-2012-0947).
+
+Distributors and system integrators are encouraged
+to update and share their patches against this branch.  For a full list
+of changes please see the Changelog file.



More information about the ffmpeg-cvslog mailing list