Release notes and changelog for 0.5.7
diff --git a/Changelog b/Changelog
index 89903eb..c5c5d31 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,20 @@
releases are sorted from youngest to oldest.
+version 0.5.8:
+
+- id3v2: fix skipping extended header in id3v2.4
+- nsvdec: Several bugfixes related to CVE-2011-3940
+- dv: check stype
+- dv: Fix null pointer dereference due to ach=0
+- dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
+- atrac3: Fix crash in tonal component decoding, fixes CVE-2012-0853
+- mjpegbdec: Fix overflow in SOS, fixes CVE-2011-3947
+- motionpixels: Clip YUV values after applying a gradient.
+- vqavideo: return error if image size is not a multiple of block size,
+ fixes CVE-2012-0947.
+
+
version 0.5.7:
- vorbis: An additional defense in the Vorbis codec. (CVE-2011-3895)
- vorbisdec: Fix decoding bug with channel handling.
diff --git a/RELEASE b/RELEASE
index e68779b..7c0086c 100644
--- a/RELEASE
+++ b/RELEASE
@@ -187,3 +187,19 @@
Distributors and system integrators are encouraged
to update and share their patches against this branch. For a full list
of changes please see the Changelog file.
+
+* 0.5.8 May 10, 2012
+
+General notes
+-------------
+
+This maintenance-only release that addresses a number a number of
+security issues that have been brought to our attention. Among other
+(rather minor) fixes, this release features fixes for the DV decoder
+(CVE-2011-3929 and CVE-2011-3936), nsvdec (CVE-2011-3940), Atrac3
+(CVE-2012-0853), mjpegdec (CVE-2011-3947) and the VQA video decoder
+(CVE-2012-0947).
+
+Distributors and system integrators are encouraged
+to update and share their patches against this branch. For a full list
+of changes please see the Changelog file.
