Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
release notes and changelog for 0.6.2
  • Loading branch information
Reinhard Tartler committed Mar 18, 2011
1 parent ba1927d commit b0f8fdc
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 0 deletions.
7 changes: 7 additions & 0 deletions Changelog
@@ -1,6 +1,13 @@
Entries are sorted chronologically from oldest to youngest within each release,
releases are sorted from youngest to oldest.

version 0.6.2:

- Fix invalid reads in VC-1 decoding (related to CVE-2011-0723)
- Do not attempt to decode APE file with no frames
(adresses http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt)


version 0.6.1:

- fix autodetection of E-AC-3 substream samples
Expand Down
23 changes: 23 additions & 0 deletions RELEASE
Expand Up @@ -121,3 +121,26 @@ HE-AAC v2 backport

This release includes a backport of the AAC decoder from trunk, which
enables proper playback of HE-AAC v2 media.


* 0.6.2

General notes
-------------

This is a maintenance-only release that addresses a small number of security
and portability issues. Distributors and system integrators are encouraged
to update and share their patches against this branch.

Security fixes
--------------

Programming errors in container and codec implementations may lead to
denial of service or the execution of arbitrary code if the user is
tricked into opening a malformed media file or stream.

Affected and updated have been the implementations of the following
codecs and container formats:

- VC1 decoder (Change related to CVE-2011-0723)
- APE decoder (cf. http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt)

0 comments on commit b0f8fdc

Please sign in to comment.