From deb650c692317ccc3e5359f5b100c98dc88c514f Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Fri, 15 Feb 2013 19:41:04 +0100 Subject: [PATCH] Release notes and changelog for 0.5.10 --- Changelog | 31 +++++++++++++++++++++++++++++++ RELEASE | 36 ++++++++++++++++++++++++++++-------- 2 files changed, 59 insertions(+), 8 deletions(-) diff --git a/Changelog b/Changelog index b39ecc0817..4611254291 100644 --- a/Changelog +++ b/Changelog @@ -1,8 +1,39 @@ Entries are sorted chronologically from oldest to youngest within each release, releases are sorted from youngest to oldest. +version 0.5.10: + +- mpeg12: do not decode extradata more than once (CVE-2012-2803) +- vp6: properly fail on unsupported feature (CVE-2012-2783) +- vp56: release frames on error (CVE-2012-2783) +- shorten: Use separate pointers for the allocated memory for decoded samples (CVE-2012-0858) +- shorten: check for realloc failure +- h264: check context state before decoding slice data partitions +- oggdec: check memory allocation +- Fix uninitialized reads on malformed Ogg files +- lavf: avoid integer overflow in ff_compute_frame_duration() +- yuv4mpeg: reject unsupported codecs +- tiffenc: Check av_malloc() results +- mpegaudiodec: fix short_start calculation +- h264: avoid stuck buffer pointer in decode_nal_units +- yuv4mpeg: return proper error codes (Bug 373) +- avidec: return 0, not packet size from read_packet() +- cavsdec: check for changing w/h (CVE-2012-2777 and CVE-2012-2784) +- avidec: use actually read size instead of requested size CVE-2012-2788 +- bytestream: add a new set of bytestream functions with overread checking +- avsdec: Set dimensions instead of relying on the demuxer (CVE-2012-2801) +- lavfi: avfilter_merge_formats: handle case where inputs are same +- bmpdec: only initialize palette for pal8 (Bug 367) +- Bump version number for the 0.5.10 release +- lavfi: avfilter_merge_formats: handle case where inputs are same +- mpegvideo: Don't use ff_mspel_motion() for vc1 +- imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt +- nuv: check RTjpeg header for validity +- vc1dec: add flush function for WMV9 and VC-1 decoders + version 0.5.9: + - dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951) - h264: Add check for invalid chroma_format_idc (CVE-2012-0851) - adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852) diff --git a/RELEASE b/RELEASE index c164d6b566..05e1cd0892 100644 --- a/RELEASE +++ b/RELEASE @@ -213,12 +213,32 @@ of changes please see the Changelog file. General notes ------------- -This mostly maintenance-only release addresses a number a number of bugs -such as security and compilation issues that have been brought to our -attention. Among other fixes, this release features includes security -updates for the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), -ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952). +This mostly maintenance-only release addresses a number of bugs such as +security and compilation issues that have been brought to our +attention. Among other fixes, this release includes security updates for +the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM +(CVE-2012-0852), and the KMVC decoder (CVE-2011-3952). -Distributors and system integrators are encouraged -to update and share their patches against this branch. For a full list -of changes please see the Changelog file or the git commit history. +Distributors and system integrators are encouraged to update and share +their patches against this branch. For a full list of changes please see +the Changelog file or the Git commit history. + + + +* 0.5.10 Feb 16, 2013 + +General notes +------------- + +This maintenance-only release addresses a number of bugs such as +security and compilation issues that have been brought to our +attention. Among other fixes, this release includes security updates for +the mpeg12 codecs (CVE-2012-2803), H.264, VP5/VP6 (CVE-2012-2783, +CVE-2012-2783), shorten (CVE-2012-0858), CAVS (CVE-2012-2777 and +CVE-2012-2784), AVS (CVE-2012-2801) and a number of additional safe but +important bugs in other decoders. Additionally, reported bugs in the +yuv4mpeg (Bug 373) and BMP decoder (Bug 367) have been addressed. + +Distributors and system integrators are encouraged to update and share +their patches against this branch. For a full list of changes please +see the Changelog file or the Git commit history.