diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2011-12-25 23:19:13 +0400 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2011-12-25 23:19:13 +0400 |
| commit | 8755a7890ec60d26c387db5cb48470bcf1f6630e (patch) | |
| tree | 26e2dd3383cf753020e993d3c4b07e0faa3815a3 | |
| parent | 0e05292a6c443bc3eec160d5b0af107bb91e074d (diff) | |
| parent | d0688fdd3101d900a3e3aac4e36bf7ef1eae01ad (diff) | |
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5
* qatar/release/0.5:
Release notes and changelog for 0.5.6
Conflicts:
RELEASE
Merged-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | Changelog | 16 | ||||
| -rw-r--r-- | RELEASE | 17 |
2 files changed, 33 insertions, 0 deletions
@@ -2,6 +2,22 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 0.5.6: +- svq1dec: call avcodec_set_dimensions() after dimensions changed. (NGS00148, CVE-2011-4579) +- vmd: fix segfaults on corruped streams (CVE-2011-4364) +- commits related to CVE-2011-4353: + - vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling + - Plug some memory leaks in the VP6 decoder + - vp6: Reset the internal state when aborting key frames header parsing + - vp6: Fix illegal read. + - vp6: Fix illegal read. + - Fix out of bound reads in the QDM2 decoder. +- commits related to CVE-2011-4351: + - Check for out of bound writes in the QDM2 decoder. + - qdm2: check output buffer size before decoding + - Fix qdm2 decoder packet handling to match the api + + version 0.5.5: - Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504) @@ -163,3 +163,20 @@ General notes This maintenance-only release addresses several security issues that were brought to our attention. + + +* 0.5.7 Dec 25, 2011 + +General notes +------------- + +This maintenance-only release addresses several security issues that +were brought to our attention. In details, it features fixes for the +QDM2 decoder (CVE-2011-4351), DoS in the VP5/VP6 decoders +(CVE-2011-4353), and a buffer overflow in the Sierra VMD decoder +CVE-2011-4364, and a safety fix in the SVQ1 decoder (CVE-2011-4579). +CVE-2011-4352, a bug in the VP3 decoder, is not known to affect this +release. + +Distributors and system integrators are encouraged to update and share +their patches against this branch. |