Commit deb650c6 authored by Reinhard Tartler's avatar Reinhard Tartler

Release notes and changelog for 0.5.10

parent 0b25c3b6
Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.
version 0.5.10:
- mpeg12: do not decode extradata more than once (CVE-2012-2803)
- vp6: properly fail on unsupported feature (CVE-2012-2783)
- vp56: release frames on error (CVE-2012-2783)
- shorten: Use separate pointers for the allocated memory for decoded samples (CVE-2012-0858)
- shorten: check for realloc failure
- h264: check context state before decoding slice data partitions
- oggdec: check memory allocation
- Fix uninitialized reads on malformed Ogg files
- lavf: avoid integer overflow in ff_compute_frame_duration()
- yuv4mpeg: reject unsupported codecs
- tiffenc: Check av_malloc() results
- mpegaudiodec: fix short_start calculation
- h264: avoid stuck buffer pointer in decode_nal_units
- yuv4mpeg: return proper error codes (Bug 373)
- avidec: return 0, not packet size from read_packet()
- cavsdec: check for changing w/h (CVE-2012-2777 and CVE-2012-2784)
- avidec: use actually read size instead of requested size CVE-2012-2788
- bytestream: add a new set of bytestream functions with overread checking
- avsdec: Set dimensions instead of relying on the demuxer (CVE-2012-2801)
- lavfi: avfilter_merge_formats: handle case where inputs are same
- bmpdec: only initialize palette for pal8 (Bug 367)
- Bump version number for the 0.5.10 release
- lavfi: avfilter_merge_formats: handle case where inputs are same
- mpegvideo: Don't use ff_mspel_motion() for vc1
- imgconvert: avoid undefined left shift in avcodec_find_best_pix_fmt
- nuv: check RTjpeg header for validity
- vc1dec: add flush function for WMV9 and VC-1 decoders
version 0.5.9:
- dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951)
- h264: Add check for invalid chroma_format_idc (CVE-2012-0851)
- adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852)
......
......@@ -213,12 +213,32 @@ of changes please see the Changelog file.
General notes
-------------
This mostly maintenance-only release addresses a number a number of bugs
such as security and compilation issues that have been brought to our
attention. Among other fixes, this release features includes security
updates for the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851),
ADPCM (CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).
This mostly maintenance-only release addresses a number of bugs such as
security and compilation issues that have been brought to our
attention. Among other fixes, this release includes security updates for
the DPCM codecs (CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM
(CVE-2012-0852), and the KMVC decoder (CVE-2011-3952).
Distributors and system integrators are encouraged
to update and share their patches against this branch. For a full list
of changes please see the Changelog file or the git commit history.
Distributors and system integrators are encouraged to update and share
their patches against this branch. For a full list of changes please see
the Changelog file or the Git commit history.
* 0.5.10 Feb 16, 2013
General notes
-------------
This maintenance-only release addresses a number of bugs such as
security and compilation issues that have been brought to our
attention. Among other fixes, this release includes security updates for
the mpeg12 codecs (CVE-2012-2803), H.264, VP5/VP6 (CVE-2012-2783,
CVE-2012-2783), shorten (CVE-2012-0858), CAVS (CVE-2012-2777 and
CVE-2012-2784), AVS (CVE-2012-2801) and a number of additional safe but
important bugs in other decoders. Additionally, reported bugs in the
yuv4mpeg (Bug 373) and BMP decoder (Bug 367) have been addressed.
Distributors and system integrators are encouraged to update and share
their patches against this branch. For a full list of changes please
see the Changelog file or the Git commit history.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment