diff --git a/Changelog b/Changelog index 31e3bd5b21..e40599cedb 100644 --- a/Changelog +++ b/Changelog @@ -3,11 +3,11 @@ releases are sorted from youngest to oldest. version 0.5.4: -- Fix memory corruption in wmv parsing (addresses CVE-2010-3908) +- Fix memory corruption in WMV parsing (addresses CVE-2010-3908) - Fix heap corruption crashes (addresses CVE-2011-0722) -- Fix crashes in vorbis decoding found by zzuf (addresses CVE-2010-4704) -- Fix another crash in vorbis decoding (addresses CVE-2011-0480, Chrome issue 68115) -- Fix invalid reads in vc1 decoding (related to CVE-2011-0723) +- Fix crashes in Vorbis decoding found by zzuf (addresses CVE-2010-4704) +- Fix another crash in Vorbis decoding (addresses CVE-2011-0480, Chrome issue 68115) +- Fix invalid reads in VC-1 decoding (related to CVE-2011-0723) @@ -23,7 +23,7 @@ version 0.5.3: version 0.5.2: - Hurd support -- PowerPC without Altivec compilation issues +- PowerPC without AltiVec compilation issues - validate channels and samplerate in the Vorbis decoder diff --git a/RELEASE b/RELEASE index 6b769f80d7..09d4bd397a 100644 --- a/RELEASE +++ b/RELEASE @@ -109,7 +109,7 @@ FFmpeg library. General notes ------------- -This is a maintenance only release that addresses a small number of security +This is a maintenance-only release that addresses a small number of security and portability issues. Distributors and system integrators are encouraged to update and share their patches against this branch. @@ -120,20 +120,20 @@ to update and share their patches against this branch. General notes ------------- -This is (again) another maintenance only release that addresses a fix +This is (again) another maintenance-only release that addresses a fix for seekable HTTP and an exploitable bug in the FLIC decoder (cf. CVE-2010-3429 for details). Distributors and system integrators are encouraged to update and share their patches against this branch. -* 0.5.4 Feb 20, 2011 +* 0.5.4 Feb 24, 2011 General notes ------------- This is the first release that we cut after git migration. It is another -maintenance only release that addresses several security issue that have +maintenance-only release that addresses several security issues that were brought to our attention. In detail, fixes for RV30/40, WMV, Vorbis and -VC1 have been backported for trunk. Distributors and system integrators +VC-1 have been backported from trunk. Distributors and system integrators are encouraged to update and share their patches against this branch.