Release notes and changelog for 0.6.4

2 files changed, 77 insertions, 0 deletions

diff --git a/Changelog b/Changelog
index f0d163bb36..7e9ce5dc15 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,65 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 0.6.4:
+- 4xm: Add a check in decode_i_frame to prevent buffer overreads
+- wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits.
+- swscale: #include "libavutil/mathematics.h"
+- vp3dec: Check coefficient index in vp3_dequant() (CVE-2011-4352)
+- svq1dec: call avcodec_set_dimensions() after dimensions changed. (CVE-2011-4579)
+- commits related to CVE-2011-4353:
+  - vp6: Fix illegal read.
+  - vp6: Reset the internal state when aborting key frames header parsing
+  - vp6: Check for huffman tree build errors
+  - vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling
+- commits related to CVE-2011-4351:
+  - qdm2: check output buffer size before decoding
+  - Fix qdm2 decoder packet handling to match the api
+  - Fix out of bound reads in the QDM2 decoder.
+  - Check for out of bound writes in the QDM2 decoder.
+- vmd: fix segfaults on corruped streams (CVE-2011-4364)
+- rv34: Check for invalid slice offsets
+- rv34: Fix potential overreads
+- rv34: Avoid NULL dereference on corrupted bitstream
+- rv10: Reject slices that does not have the same type as the first one
+- oggdec: fix out of bound write in the ogg demuxer
+- smacker: fix a few off by 1 errors
+- Check for invalid VLC value in smacker decoder.
+- Check and propagate errors when VLC trees cannot be built in smacker decoder.
+- Fixed off by one packet size allocation in the smacker demuxer.
+- Check for invalid packet size in the smacker demuxer.
+- ape demuxer: fix segfault on memory allocation failure.
+- Fixed size given to init_get_bits() in xan decoder.
+- smacker demuxer: handle possible av_realloc() failure.
+- Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
+- indeo2: fail if input buffer too small
+- indeo2: init_get_bits size in bits instead of bytes
+- wavpack: Check error codes rather than working around error conditions.
+- Fixed invalid writes and reads in wavpack decoder on corrupted bitstreams.
+- cpu detection: avoid a signed overflow
+- h264: correct implicit weight table computation for long ref pics
+- h264: correct the check for invalid long term frame index in MMCO decode
+- rv10/20: tell decoder to use edge emulation
+- flvenc: use int64_t to store offsets
+- VC-1: fix reading of custom PAR.
+- h264: notice memory allocation failure
+- libx264: do not set pic quality if no frame is output
+- mxfdec: Include FF_INPUT_BUFFER_PADDING_SIZE when allocating extradata.
+- rv30: return AVERROR(EINVAL) instead of EINVAL
+- Do not decode RV30 files if the extradata is too small
+- aacps: skip some memcpy() if src and dst would be equal
+- mpegts: fix Continuity Counter error detection
+- alsa: fallback to buffer_size/4 for period_size.
+- mxfenc: fix ignored drop flag in binary timecode representation.
+- dca: set AVCodecContext frame_size for DTS audio
+- H.264: fix overreads of qscale_table
+- postprocess.c: filter name needs to be double 0 terminated
+- Replace strncpy() with av_strlcpy() in libpostproc.
+- jpegdec: actually search for and parse RSTn
+- riff: Add mpgv MPEG-2 fourcc
+- Added M701 codec_tag for mpeg2video
+
+
 version 0.6.3:
 
 - fix compilation with --enable-hardcoded-tables
diff --git a/RELEASE b/RELEASE
index 97f04d6ae6..8193b2877b 100644
--- a/RELEASE
+++ b/RELEASE
@@ -158,3 +158,21 @@ been backported from the Libav 0.7.2 release. Distributors and system
 integrators are encouraged to update and share their patches against
 this branch.
 For a full list of changes please see the Changelog file.
+
+
+* 0.6.4
+
+General notes
+-------------
+
+This mostly maintenance-only release that addresses a number a number of
+bugs such as security and compilation issues that have been brought to
+our attention. Among other (rather minor) fixes, this release features
+fixes for the QDM2 decoder (CVE-2011-4351), vp3 decoder (CVE-2011-4352),
+DoS in the VP5/VP6 decoders (CVE-2011-4353), a buffer overflow in the
+Sierra VMD decoder CVE-2011-4364, and a safety fix in the svq1 decoder
+(CVE-2011-4579).
+
+Distributors and system integrators are encouraged
+to update and share their patches against this branch.  For a full list
+of changes please see the Changelog file.