Merge remote-tracking branch 'qatar/release/0.5' into release/0.5

* qatar/release/0.5:
  Release notes and changelog for 0.5.10

Merged-by: Michael Niedermayer <michaelni@gmx.at>

2 files changed, 59 insertions, 8 deletions

diff --git a/Changelog b/Changelog
index 3a66ab0b88..3e4827b08e 100644
--- a/Changelog
+++ b/Changelog
@@ -1,8 +1,39 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
+version 0.5.10:
+
+- mpeg12: do not decode extradata more than once (CVE-2012-2803)
+- vp6: properly fail on unsupported feature (CVE-2012-2783)
+- vp56: release frames on error (CVE-2012-2783)
+- shorten: Use separate pointers for the allocated memory for decoded samples (CVE-2012-0858)
+- shorten: check for realloc failure
+- h264: check context state before decoding slice data partitions
+- oggdec: check memory allocation
+- Fix uninitialized reads on malformed Ogg files
+- lavf: avoid integer overflow in ff_compute_frame_duration()
+- yuv4mpeg: reject unsupported codecs
+- tiffenc: Check av_malloc() results
+- mpegaudiodec: fix short_start calculation
+- h264: avoid stuck buffer pointer in decode_nal_units
+- yuv4mpeg: return proper error codes (Bug 373)
+- avidec: return 0, not packet size from read_packet()
+- cavsdec: check for changing w/h (CVE-2012-2777 and CVE-2012-2784)
+- avidec: use actually read size instead of requested size CVE-2012-2788
+- bytestream: add a new set of bytestream functions with overread checking
+- avsdec: Set dimensions instead of relying on the demuxer (CVE-2012-2801)
+- lavfi: avfilter_merge_formats: handle case where inputs are same
+- bmpdec: only initialize palette for pal8 (Bug 367)
+- Bump version number for the 0.5.10 release
+- lavfi: avfilter_merge_formats: handle case where inputs are same
+- mpegvideo: Don't use ff_mspel_motion() for vc1
+- imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt
+- nuv: check RTjpeg header for validity
+- vc1dec: add flush function for WMV9 and VC-1 decoders
+
 
 version 0.5.9:
+
 - dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951)
 - h264: Add check for invalid chroma_format_idc (CVE-2012-0851)
 - adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852)
diff --git a/RELEASE b/RELEASE
index c934528c9b..0b9bf42c83 100644
--- a/RELEASE
+++ b/RELEASE
@@ -223,12 +223,32 @@ of changes please see the Changelog file.
 General notes
 -------------
 
-This mostly maintenance-only release addresses a number a number of bugs
-such as security and compilation issues that have been brought to our
-attention. Among other fixes, this release features includes security
-updates for the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851),
-ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).
+This mostly maintenance-only release addresses a number of bugs such as
+security and compilation issues that have been brought to our
+attention. Among other fixes, this release includes security updates for
+the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM
+(CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).
 
-Distributors and system integrators are encouraged
-to update and share their patches against this branch.  For a full list
-of changes please see the Changelog file or the git commit history.
+Distributors and system integrators are encouraged to update and share
+their patches against this branch. For a full list of changes please see
+the Changelog file or the Git commit history.
+
+
+
+* 0.5.10 Feb 16, 2013
+
+General notes
+-------------
+
+This maintenance-only release addresses a number of bugs such as
+security and compilation issues that have been brought to our
+attention. Among other fixes, this release includes security updates for
+the mpeg12 codecs (CVE-2012-2803), H.264, VP5/VP6 (CVE-2012-2783,
+CVE-2012-2783), shorten (CVE-2012-0858), CAVS (CVE-2012-2777 and
+CVE-2012-2784), AVS (CVE-2012-2801) and a number of additional safe but
+important bugs in other decoders. Additionally, reported bugs in the
+yuv4mpeg (Bug 373) and BMP decoder (Bug 367) have been addressed.
+
+Distributors and system integrators are encouraged to update and share
+their patches against this branch. For a full list of changes please
+see the Changelog file or the Git commit history.