[FFmpeg-cvslog] Release notes and changelog for 0.6.5

Reinhard Tartler git at videolan.org
Thu Jan 12 22:08:35 CET 2012 

ffmpeg | branch: release/0.6 | Reinhard Tartler <siretart at tauware.de> | Tue Jan 10 21:03:20 2012 +0100| [62c473934822afd317dfef27754a0ff71f58ce2a] | committer: Reinhard Tartler

Release notes and changelog for 0.6.5

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62c473934822afd317dfef27754a0ff71f58ce2a
---

 Changelog |   10 ++++++++++
 RELEASE   |   16 ++++++++++++++++
 2 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/Changelog b/Changelog
index 7e9ce5d..11a554b 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,16 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 0.6.5:
+- vorbis: An additional defense in the Vorbis codec. (CVE-2011-3895)
+- vorbisdec: Fix decoding bug with channel handling.
+- matroskadec: Fix a bug where a pointer was cached to an array that might
+  later move due to a realloc(). (CVE-2011-3893)
+- vorbis: Avoid some out-of-bounds reads. (CVE-2011-3893)
+- vp3: fix oob read for negative tokens and memleaks on error, (CVE-2011-3892)
+- vp3: fix streams with non-zero last coefficient.
+
+
 version 0.6.4:
 - 4xm: Add a check in decode_i_frame to prevent buffer overreads
 - wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits.
diff --git a/RELEASE b/RELEASE
index 8193b28..cd18270 100644
--- a/RELEASE
+++ b/RELEASE
@@ -176,3 +176,19 @@ Sierra VMD decoder CVE-2011-4364, and a safety fix in the svq1 decoder
 Distributors and system integrators are encouraged
 to update and share their patches against this branch.  For a full list
 of changes please see the Changelog file.
+
+
+* 0.6.5
+
+General notes
+-------------
+
+This mostly maintenance-only release that addresses a number a number of
+bugs such as security and compilation issues that have been brought to
+our attention. Among other (rather minor) fixes, this release features
+fixes for the VP3 decoder (CVE-2011-3892), vorbis decoder, and matroska
+demuxer (CVE-2011-3893 and CVE-2011-3895).
+
+Distributors and system integrators are encouraged
+to update and share their patches against this branch.  For a full list
+of changes please see the Changelog file.

More information about the ffmpeg-cvslog mailing list