Module: libav.org Branch: master Commit: 35a02ddc785f336f9bfb7acbdf50faabfba6d013
Author: Reinhard Tartler <[email protected]> Committer: Reinhard Tartler <[email protected]> Date: Sun Mar 24 07:04:26 2013 +0100 Announce Releases 9.4 and 0.8.6 --- src/download | 42 +++++++++++++++++++++--------------------- src/news | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 21 deletions(-) diff --git a/src/download b/src/download index 4388e91..71eb09a 100644 --- a/src/download +++ b/src/download @@ -208,28 +208,28 @@ and much faster bug fixes such as additional features and security patches. <a name="release_9"></a><h2>Libav 9 "plain 9"</h2> <p> -9.3 was released on 2013-03-02. It is the latest point release from +9.4 was released on 2013-03-24. It is the latest point release from the version 9 release branch, which was released on 2013-01-05. Please give us feedback and use our Bugzilla for filing bugs: <a href="https://bugzilla.libav.org";>https://bugzilla.libav.org/</a> </p> <p> -<a href="releases/libav-9.3.tar.xz">Download XZ tarball</a> -<a href="releases/libav-9.3.tar.xz.md5">MD5</a> -<a href="releases/libav-9.3.tar.xz.sha1">SHA1</a> -<a href="releases/libav-9.3.tar.xz.asc">PGP signature</a><br /> -<a href="releases/libav-9.3.tar.gz">Download gzip tarball</a> -<a href="releases/libav-9.3.tar.gz.md5">MD5</a> -<a href="releases/libav-9.3.tar.gz.sha1">SHA1</a> -<a href="releases/libav-9.3.tar.gz.asc">PGP signature</a><br /> -<a href="releases/libav-9.3.changelog">Changelog</a><br /> -<a href="releases/libav-9.3.release">Release Notes</a> +<a href="releases/libav-9.4.tar.xz">Download XZ tarball</a> +<a href="releases/libav-9.4.tar.xz.md5">MD5</a> +<a href="releases/libav-9.4.tar.xz.sha1">SHA1</a> +<a href="releases/libav-9.4.tar.xz.asc">PGP signature</a><br /> +<a href="releases/libav-9.4.tar.gz">Download gzip tarball</a> +<a href="releases/libav-9.4.tar.gz.md5">MD5</a> +<a href="releases/libav-9.4.tar.gz.sha1">SHA1</a> +<a href="releases/libav-9.4.tar.gz.asc">PGP signature</a><br /> +<a href="releases/libav-9.4.changelog">Changelog</a><br /> +<a href="releases/libav-9.4.release">Release Notes</a> </p> <a name="release_0.8"></a><h2>Libav 0.8.5 "Forbidden Fruit"</h2> <p> -0.8.5 was released on 2012-10-22. It is the latest point release from +0.8.6 was released on 2013-03-24. It is the latest point release from the 0.8 branch, which was cut on 2012-01-21. Please give us feedback with your experiences with this release and use our new Bugzilla for filing bugs: @@ -237,15 +237,15 @@ filing bugs: </p> <p> -<a href="releases/libav-0.8.5.tar.xz">Download XZ tarball</a> -<a href="releases/libav-0.8.5.tar.xz.md5">MD5</a> -<a href="releases/libav-0.8.5.tar.xz.sha1">SHA1</a> -<a href="releases/libav-0.8.5.tar.xz.asc">PGP signature</a><br /> -<a href="releases/libav-0.8.5.tar.gz">Download gzip tarball</a> -<a href="releases/libav-0.8.5.tar.gz.md5">MD5</a> -<a href="releases/libav-0.8.5.tar.gz.sha1">SHA1</a> -<a href="releases/libav-0.8.5.tar.gz.asc">PGP signature</a><br /> -<a href="releases/libav-0.8.5.changelog">Changelog</a><br /> +<a href="releases/libav-0.8.6.tar.xz">Download XZ tarball</a> +<a href="releases/libav-0.8.6.tar.xz.md5">MD5</a> +<a href="releases/libav-0.8.6.tar.xz.sha1">SHA1</a> +<a href="releases/libav-0.8.6.tar.xz.asc">PGP signature</a><br /> +<a href="releases/libav-0.8.6.tar.gz">Download gzip tarball</a> +<a href="releases/libav-0.8.6.tar.gz.md5">MD5</a> +<a href="releases/libav-0.8.6.tar.gz.sha1">SHA1</a> +<a href="releases/libav-0.8.6.tar.gz.asc">PGP signature</a><br /> +<a href="releases/libav-0.8.6.changelog">Changelog</a><br /> <a href="releases/libav-0.8.release">Release Notes</a> </p> diff --git a/src/news b/src/news index d260a1c..b4521c7 100644 --- a/src/news +++ b/src/news @@ -1,5 +1,40 @@ <h1>News</h1> +<a name="9.4"></a><h3>March 23, 2013</h3> +<p> +We are proud to update two release branches: Today, we provide you with +both, <a href="download.html#release_9">Libav 9.4</a> +and <a href="download.html#release_0.8">Libav 0.8.6</a>, in order to +address a number of critical functional and security issues that we have +been made aware of. For both releases, we are happy to confirm that the +following CVE tracked issues have been fixed: +</p> + +<ul> +<li>h264: check for luma and chroma bit depth being equal (CVE-2013-2277)</li> +<li>iff: validate CMAP palette size (CVE-2013-2495)</li> +<li>msrledec: convert to bytestream2 API and add proper bounds checking (CVE-2013-2496)</li> +<li>vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894)</li> +</ul + +<p> +For further details on the backported changes, please refer to our verbose Changelog files: +</p> + +<ul> +<li><a href="http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.4";>Changelog for 9.4</a></li> +<li><a href="http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.6";>Changelog for 0.8.6</a></li> +</ul> + +<p> +Distributors and system integrators are encouraged to update and share +their patches against our release branches. +</p> + +<p> +<em>Enjoy!</em> +</p> + <a name="9.3"></a><h3>March 2, 2013</h3> <p> We have been made aware of a security issue in our Vorbis _______________________________________________ libav-commits mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-commits
