[FFmpeg-cvslog] Release notes and changelog for 0.5.7

Reinhard Tartler git at videolan.org
Thu Jan 12 22:18:12 CET 2012


ffmpeg | branch: release/0.5 | Reinhard Tartler <siretart at tauware.de> | Tue Jan 10 22:22:05 2012 +0100| [15df4428d264287ec1577f92296b178f86cbe14d] | committer: Reinhard Tartler

Release notes and changelog for 0.5.7

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=15df4428d264287ec1577f92296b178f86cbe14d
---

 Changelog |   10 ++++++++++
 RELEASE   |   17 +++++++++++++++++
 2 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/Changelog b/Changelog
index 1d9eb79..89903eb 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,16 @@ Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
 
+version 0.5.7:
+- vorbis: An additional defense in the Vorbis codec. (CVE-2011-3895)
+- vorbisdec: Fix decoding bug with channel handling.
+- matroskadec: Fix a bug where a pointer was cached to an array that might
+  later move due to a realloc(). (CVE-2011-3893)
+- vorbis: Avoid some out-of-bounds reads. (CVE-2011-3893)
+- vp3: fix oob read for negative tokens and memleaks on error, (CVE-2011-3892)
+- vp3: fix streams with non-zero last coefficient.
+
+
 version 0.5.6:
 - svq1dec: call avcodec_set_dimensions() after dimensions changed. (NGS00148, CVE-2011-4579)
 - vmd: fix segfaults on corruped streams (CVE-2011-4364)
diff --git a/RELEASE b/RELEASE
index 364a327..e68779b 100644
--- a/RELEASE
+++ b/RELEASE
@@ -170,3 +170,20 @@ release.
 
 Distributors and system integrators are encouraged to update and share
 their patches against this branch.
+
+
+
+* 0.5.7 Jan 11, 2012
+
+General notes
+-------------
+
+This mostly maintenance-only release that addresses a number a number of
+bugs such as security and compilation issues that have been brought to
+our attention. Among other (rather minor) fixes, this release features
+fixes for the VP3 decoder (CVE-2011-3892), vorbis decoder, and matroska
+demuxer (CVE-2011-3893 and CVE-2011-3895).
+
+Distributors and system integrators are encouraged
+to update and share their patches against this branch.  For a full list
+of changes please see the Changelog file.



More information about the ffmpeg-cvslog mailing list