Release notes and changelog for 0.5.6

Changelog

@@ -2,6 +2,22 @@ Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
 
+version 0.5.6:
+- svq1dec: call avcodec_set_dimensions() after dimensions changed. (NGS00148, CVE-2011-4579)
+- vmd: fix segfaults on corruped streams (CVE-2011-4364)
+- commits related to CVE-2011-4353:
+  - vp6: partially propagate huffman tree building errors during coeff model parsing and fix misspelling
+  - Plug some memory leaks in the VP6 decoder
+  - vp6: Reset the internal state when aborting key frames header parsing
+  - vp6: Fix illegal read.
+  - vp6: Fix illegal read.
+  - Fix out of bound reads in the QDM2 decoder.
+- commits related to CVE-2011-4351:
+  - Check for out of bound writes in the QDM2 decoder.
+  - qdm2: check output buffer size before decoding
+  - Fix qdm2 decoder packet handling to match the api
+
+
 version 0.5.5:
 
 - Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504)

RELEASE

@@ -153,3 +153,20 @@ corrected. Additional, this release contains fixes for compilation with
 gcc-4.6. Distributors and system integrators are encouraged to update
 and share their patches against this branch.
 
+
+
+* 0.5.6 Dec 25, 2011
+
+General notes
+-------------
+
+This maintenance-only release addresses several security issues that
+were brought to our attention. In details, it features fixes for the
+QDM2 decoder (CVE-2011-4351), DoS in the VP5/VP6 decoders
+(CVE-2011-4353), and a buffer overflow in the Sierra VMD decoder
+CVE-2011-4364, and a safety fix in the SVQ1 decoder (CVE-2011-4579).
+CVE-2011-4352, a bug in the VP3 decoder, is not known to affect this
+release.
+
+Distributors and system integrators are encouraged to update and share
+their patches against this branch.