Release notes and changelog for 0.5.5

2011-11-05 12:53:16 +01:00
parent 9463a28792
commit 0f2735e839
2 changed files with 27 additions and 0 deletions
--- a/11
+++ b/11
@@ -1,6 +1,17 @@
 Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.

+
+version 0.5.5:
+
+- Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504)
+- Fix some crashes with invalid bitstreams in the CAVS decoder
+  (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974)
+- Compilation fixes for gcc-4.6, testsuite now passes again
+- Detect and handle overreads in the MJPEG decoder.
+
+
+
 version 0.5.4:

 - Fix memory corruption in WMV parsing (addresses CVE-2010-3908)
--- a/16
+++ b/16
@@ -137,3 +137,19 @@ maintenance-only release that addresses several security issues that were
 brought to our attention. In detail, fixes for RV30/40, WMV, Vorbis and
 VC-1 have been backported from trunk. Distributors and system integrators
 are encouraged to update and share their patches against this branch.
+
+
+
+* 0.5.5 Nov 11, 2011
+
+General notes
+-------------
+
+This maintenance-only release addresses several security issues that
+were brought to our attention. In detail, fixes for the MJPEG decoder,
+the CAVS decoder (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974), and the
+Matroska decoder (MSVR11-011/CVE-2011-3504) have been
+corrected. Additional, this release contains fixes for compilation with
+gcc-4.6. Distributors and system integrators are encouraged to update
+and share their patches against this branch.
+