From 62c473934822afd317dfef27754a0ff71f58ce2a Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Tue, 10 Jan 2012 21:03:20 +0100 Subject: [PATCH] Release notes and changelog for 0.6.5 --- Changelog | 10 ++++++++++ RELEASE | 16 ++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/Changelog b/Changelog index 7e9ce5dc15..11a554b28c 100644 --- a/Changelog +++ b/Changelog @@ -1,6 +1,16 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 0.6.5: +- vorbis: An additional defense in the Vorbis codec. (CVE-2011-3895) +- vorbisdec: Fix decoding bug with channel handling. +- matroskadec: Fix a bug where a pointer was cached to an array that might + later move due to a realloc(). (CVE-2011-3893) +- vorbis: Avoid some out-of-bounds reads. (CVE-2011-3893) +- vp3: fix oob read for negative tokens and memleaks on error, (CVE-2011-3892) +- vp3: fix streams with non-zero last coefficient. + + version 0.6.4: - 4xm: Add a check in decode_i_frame to prevent buffer overreads - wma: initialize prev_block_len_bits, next_block_len_bits, and block_len_bits. diff --git a/RELEASE b/RELEASE index 8193b2877b..cd18270ca4 100644 --- a/RELEASE +++ b/RELEASE 
@@ -176,3 +176,19 @@ Sierra VMD decoder CVE-2011-4364, and a safety fix in the svq1 decoder Distributors and system integrators are encouraged to update and share their patches against this branch. For a full list of changes please see the Changelog file. + + +* 0.6.5 + +General notes +------------- + +This mostly maintenance-only release that addresses a number a number of +bugs such as security and compilation issues that have been brought to +our attention. Among other (rather minor) fixes, this release features +fixes for the VP3 decoder (CVE-2011-3892), vorbis decoder, and matroska +demuxer (CVE-2011-3893 and CVE-2011-3895). + +Distributors and system integrators are encouraged +to update and share their patches against this branch. For a full list +of changes please see the Changelog file.
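Review bot: In the Changelog hunk, the new "version 0.6.5" block tags two different entries with CVE-2011-3893 (the matroskadec realloc() pointer fix and "vorbis: Avoid some out-of-bounds reads"), while the first vorbis entry carries CVE-2011-3895. Please confirm the identifier on the vorbis out-of-bounds entry is intended, since anyone mapping CVE ids to fixes from this file will read it as one CVE covering two components. Two smaller points in the same block: the vp3 entry has a stray comma before its parenthesis ("memleaks on error, (CVE-2011-3892)"), and the vp3 entries start with lowercase "fix" while the others use "Fix". The entry "An additional defense in the Vorbis codec" also does not say what is being defended against; a short phrase naming the check would make it as useful as the other lines.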
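Review bot: In the RELEASE hunk, the first sentence of the new "General notes" paragraph is missing its verb and repeats a phrase: "This mostly maintenance-only release that addresses a number a number of" should read "This is a mostly maintenance-only release that addresses a number of". The CVE list in the same paragraph, "vorbis decoder, and matroska demuxer (CVE-2011-3893 and CVE-2011-3895)", groups two ids after two components without saying which belongs to which, and the Changelog hunk of this same patch attaches CVE-2011-3895 to vorbis and CVE-2011-3893 to both matroskadec and vorbis. Pairing each component with its own id, as is already done for "VP3 decoder (CVE-2011-3892)", would keep the two files consistent for distributors who triage from the release notes alone.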