[FFmpeg-cvslog] Release notes and changelog for 0.5.6

Reinhard Tartler git at videolan.org
Sun Dec 25 20:30:03 CET 2011


ffmpeg | branch: release/0.5 | Reinhard Tartler <siretart at tauware.de> | Sun Dec 25 09:55:45 2011 +0100| [d0688fdd3101d900a3e3aac4e36bf7ef1eae01ad] | committer: Reinhard Tartler

Release notes and changelog for 0.5.6

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d0688fdd3101d900a3e3aac4e36bf7ef1eae01ad
---

 Changelog |   16 ++++++++++++++++
 RELEASE   |   17 +++++++++++++++++
 2 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/Changelog b/Changelog
index 173cc00..1d9eb79 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,22 @@ Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
 
+version 0.5.6:
+- svq1dec: call avcodec_set_dimensions() after dimensions changed. (NGS00148, CVE-2011-4579)
+- vmd: fix segfaults on corruped streams (CVE-2011-4364)
+- commits related to CVE-2011-4353:
+  - vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling
+  - Plug some memory leaks in the VP6 decoder
+  - vp6: Reset the internal state when aborting key frames header parsing
+  - vp6: Fix illegal read.
+  - vp6: Fix illegal read.
+  - Fix out of bound reads in the QDM2 decoder.
+- commits related to CVE-2011-4351:
+  - Check for out of bound writes in the QDM2 decoder.
+  - qdm2: check output buffer size before decoding
+  - Fix qdm2 decoder packet handling to match the api
+
+
 version 0.5.5:
 
 - Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504)
diff --git a/RELEASE b/RELEASE
index 75099ad..364a327 100644
--- a/RELEASE
+++ b/RELEASE
@@ -153,3 +153,20 @@ corrected. Additional, this release contains fixes for compilation with
 gcc-4.6. Distributors and system integrators are encouraged to update
 and share their patches against this branch.
 
+
+
+* 0.5.6 Dec 25, 2011
+
+General notes
+-------------
+
+This maintenance-only release addresses several security issues that
+were brought to our attention. In details, it features fixes for the
+QDM2 decoder (CVE-2011-4351), DoS in the VP5/VP6 decoders
+(CVE-2011-4353), and a buffer overflow in the Sierra VMD decoder
+CVE-2011-4364, and a safety fix in the SVQ1 decoder (CVE-2011-4579).
+CVE-2011-4352, a bug in the VP3 decoder, is not known to affect this
+release.
+
+Distributors and system integrators are encouraged to update and share
+their patches against this branch.



More information about the ffmpeg-cvslog mailing list