Release notes and changelog for 0.5.7
diff --git a/Changelog b/Changelog
index 1d9eb79..89903eb 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,16 @@
releases are sorted from youngest to oldest.
+version 0.5.7:
+- vorbis: An additional defense in the Vorbis codec. (CVE-2011-3895)
+- vorbisdec: Fix decoding bug with channel handling.
+- matroskadec: Fix a bug where a pointer was cached to an array that might
+ later move due to a realloc(). (CVE-2011-3893)
+- vorbis: Avoid some out-of-bounds reads. (CVE-2011-3893)
+- vp3: fix oob read for negative tokens and memleaks on error, (CVE-2011-3892)
+- vp3: fix streams with non-zero last coefficient.
+
+
version 0.5.6:
- svq1dec: call avcodec_set_dimensions() after dimensions changed. (NGS00148, CVE-2011-4579)
- vmd: fix segfaults on corruped streams (CVE-2011-4364)
diff --git a/RELEASE b/RELEASE
index 364a327..e68779b 100644
--- a/RELEASE
+++ b/RELEASE
@@ -170,3 +170,20 @@
Distributors and system integrators are encouraged to update and share
their patches against this branch.
+
+
+
+* 0.5.7 Jan 11, 2012
+
+General notes
+-------------
+
+This mostly maintenance-only release that addresses a number a number of
+bugs such as security and compilation issues that have been brought to
+our attention. Among other (rather minor) fixes, this release features
+fixes for the VP3 decoder (CVE-2011-3892), vorbis decoder, and matroska
+demuxer (CVE-2011-3893 and CVE-2011-3895).
+
+Distributors and system integrators are encouraged
+to update and share their patches against this branch. For a full list
+of changes please see the Changelog file.
