[FFmpeg-cvslog] release notes and changelog for 0.6.2
Reinhard Tartler
git at videolan.org
Thu Mar 24 03:43:44 CET 2011
ffmpeg | branch: release/0.6 | Reinhard Tartler <siretart at tauware.de> | Fri Mar 18 18:01:41 2011 +0100| [b0f8fdc411c6380ca9279c8660915f35f5df1a3c] | committer: Reinhard Tartler
release notes and changelog for 0.6.2
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b0f8fdc411c6380ca9279c8660915f35f5df1a3c
---
Changelog | 7 +++++++
RELEASE | 23 +++++++++++++++++++++++
2 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/Changelog b/Changelog
index 999a9e0..2e0a99c 100644
--- a/Changelog
+++ b/Changelog
@@ -1,6 +1,13 @@
Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
+version 0.6.2:
+
+- Fix invalid reads in VC-1 decoding (related to CVE-2011-0723)
+- Do not attempt to decode APE file with no frames
+ (adresses http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt)
+
+
version 0.6.1:
- fix autodetection of E-AC-3 substream samples
diff --git a/RELEASE b/RELEASE
index a8919cd..ddd02e0 100644
--- a/RELEASE
+++ b/RELEASE
@@ -121,3 +121,26 @@ HE-AAC v2 backport
This release includes a backport of the AAC decoder from trunk, which
enables proper playback of HE-AAC v2 media.
+
+
+* 0.6.2
+
+General notes
+-------------
+
+This is a maintenance-only release that addresses a small number of security
+and portability issues. Distributors and system integrators are encouraged
+to update and share their patches against this branch.
+
+Security fixes
+--------------
+
+Programming errors in container and codec implementations may lead to
+denial of service or the execution of arbitrary code if the user is
+tricked into opening a malformed media file or stream.
+
+Affected and updated have been the implementations of the following
+codecs and container formats:
+
+ - VC1 decoder (Change related to CVE-2011-0723)
+ - APE decoder (cf. http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt)
More information about the ffmpeg-cvslog
mailing list