diff options
| author | Reinhard Tartler <siretart@tauware.de> | 2011-12-25 09:55:45 +0100 |
|---|---|---|
| committer | Reinhard Tartler <siretart@tauware.de> | 2011-12-25 10:18:18 +0100 |
| commit | d0688fdd3101d900a3e3aac4e36bf7ef1eae01ad (patch) | |
| tree | b82d1cb97e6178a7db00dc72eeb40fc45e8e9524 | |
| parent | 23f228a0d0ad3049a99dbf586e4139d86b6297be (diff) | |
| download | ffmpeg-d0688fdd3101d900a3e3aac4e36bf7ef1eae01ad.tar.gz | |
Release notes and changelog for 0.5.6
| -rw-r--r-- | Changelog | 16 | ||||
| -rw-r--r-- | RELEASE | 17 |
2 files changed, 33 insertions, 0 deletions
@@ -2,6 +2,22 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 0.5.6: +- svq1dec: call avcodec_set_dimensions() after dimensions changed. (NGS00148, CVE-2011-4579) +- vmd: fix segfaults on corruped streams (CVE-2011-4364) +- commits related to CVE-2011-4353: + - vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling + - Plug some memory leaks in the VP6 decoder + - vp6: Reset the internal state when aborting key frames header parsing + - vp6: Fix illegal read. + - vp6: Fix illegal read. + - Fix out of bound reads in the QDM2 decoder. +- commits related to CVE-2011-4351: + - Check for out of bound writes in the QDM2 decoder. + - qdm2: check output buffer size before decoding + - Fix qdm2 decoder packet handling to match the api + + version 0.5.5: - Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504) @@ -153,3 +153,20 @@ corrected. Additional, this release contains fixes for compilation with gcc-4.6. Distributors and system integrators are encouraged to update and share their patches against this branch. + + +* 0.5.6 Dec 25, 2011 + +General notes +------------- + +This maintenance-only release addresses several security issues that +were brought to our attention. In details, it features fixes for the +QDM2 decoder (CVE-2011-4351), DoS in the VP5/VP6 decoders +(CVE-2011-4353), and a buffer overflow in the Sierra VMD decoder +CVE-2011-4364, and a safety fix in the SVQ1 decoder (CVE-2011-4579). +CVE-2011-4352, a bug in the VP3 decoder, is not known to affect this +release. + +Distributors and system integrators are encouraged to update and share +their patches against this branch. |