--- src/download | 48 ++++++++++++++++++++++++------------------------ src/index | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+), 24 deletions(-)
diff --git a/src/download b/src/download index 5d6d712..54eab8e 100644 --- a/src/download +++ b/src/download @@ -180,47 +180,47 @@ which was cut on on 2011-06-20. Please use our new Bugzilla for filing bugs: </p> <a name="release_0.6"></a><h2> -Libav 0.6.2 "Works with HTML5"</h2> +Libav 0.6.3 "Works with HTML5"</h2> <p> -0.6.2 appeared on 2011-03-18. It is the latest point release from the +0.6.3 appeared on 2011-11-05. It is the latest point release from the 0.6 release branch, which was cut on 2010-05-04. </p> <p> -<a href="releases/libav-0.6.2.tar.bz2">Download bzip2 tarball</a> -<a href="releases/libav-0.6.2.tar.bz2.md5">MD5</a> -<a href="releases/libav-0.6.2.tar.bz2.sha1">SHA1</a> -<a href="releases/libav-0.6.2.tar.bz2.asc">PGP signature</a><br /> -<a href="releases/libav-0.6.2.tar.gz">Download gzip tarball</a> -<a href="releases/libav-0.6.2.tar.gz.md5">MD5</a> -<a href="releases/libav-0.6.2.tar.gz.sha1">SHA1</a> -<a href="releases/libav-0.6.2.tar.gz.asc">PGP signature</a><br /> +<a href="releases/libav-0.6.3.tar.xz">Download XZ tarball</a> +<a href="releases/libav-0.6.3.tar.xz.md5">MD5</a> +<a href="releases/libav-0.6.3.tar.xz.sha1">SHA1</a> +<a href="releases/libav-0.6.3.tar.xz.asc">PGP signature</a><br /> +<a href="releases/libav-0.6.3.tar.gz">Download gzip tarball</a> +<a href="releases/libav-0.6.3.tar.gz.md5">MD5</a> +<a href="releases/libav-0.6.3.tar.gz.sha1">SHA1</a> +<a href="releases/libav-0.6.3.tar.gz.asc">PGP signature</a><br /> <a href="releases/libav-win32-0.6.2.7z">Win32 binaries</a><br /> -<a href="releases/libav-0.6.2.changelog">Changelog</a><br /> -<a href="releases/libav-0.6.2.release">Release Notes</a> +<a href="releases/libav-0.6.3.changelog">Changelog</a><br /> +<a href="releases/libav-0.6.3.release">Release Notes</a> </p> <a name="release_0.5"></a><h2> -FFmpeg 0.5.4 "half-way to world domination A.K.A. the belligerent blue bike +FFmpeg 0.5.5 "half-way to world domination A.K.A. the belligerent blue bike shed"</h2> <p> -0.5.4 appeared on 2011-03-17. It is the latest point release from the 0.5 +0.5.5 appeared on 2011-11-05. It is the latest point release from the 0.5 release branch cut on 2009-03-02. </p> <p> -<a href="releases/ffmpeg-0.5.4.tar.bz2">Download bzip2 tarball</a> -<a href="releases/ffmpeg-0.5.4.tar.bz2.md5">MD5</a> -<a href="releases/ffmpeg-0.5.4.tar.bz2.sha1">SHA1</a> -<a href="releases/ffmpeg-0.5.4.tar.bz2.asc">PGP signature</a><br /> -<a href="releases/ffmpeg-0.5.4.tar.gz">Download gzip tarball</a> -<a href="releases/ffmpeg-0.5.4.tar.gz.md5">MD5</a> -<a href="releases/ffmpeg-0.5.4.tar.gz.sha1">SHA1</a> -<a href="releases/ffmpeg-0.5.4.tar.gz.asc">PGP signature</a><br /> -<a href="releases/ffmpeg-0.5.4.changelog">Changelog</a><br /> -<a href="releases/ffmpeg-0.5.4.release">Release Notes</a> +<a href="releases/ffmpeg-0.5.5.tar.xz">Download XZ tarball</a> +<a href="releases/ffmpeg-0.5.5.tar.xz.md5">MD5</a> +<a href="releases/ffmpeg-0.5.5.tar.xz.sha1">SHA1</a> +<a href="releases/ffmpeg-0.5.5.tar.xz.asc">PGP signature</a><br /> +<a href="releases/ffmpeg-0.5.5.tar.gz">Download gzip tarball</a> +<a href="releases/ffmpeg-0.5.5.tar.gz.md5">MD5</a> +<a href="releases/ffmpeg-0.5.5.tar.gz.sha1">SHA1</a> +<a href="releases/ffmpeg-0.5.5.tar.gz.asc">PGP signature</a><br /> +<a href="releases/ffmpeg-0.5.5.changelog">Changelog</a><br /> +<a href="releases/ffmpeg-0.5.5.release">Release Notes</a> </p> <a name="distros"></a><h1>Distribution Status</h1> diff --git a/src/index b/src/index index 10badc9..1696f24 100644 --- a/src/index +++ b/src/index @@ -33,6 +33,46 @@ with the latest developments by subscribing to both the <h1>News</h1> +<a name="release_0.6.3"></a><h3>Nov 11 2011</h3> + +<p> +Today, we update two of our stable +branches: <a href="download.html#release_0.6"> Libav 0.6.3</a>, +and <a href="download.html#release_0.5"> Libav 0.5.5</a>. Both are +mostly security related updates, with the intention to not introduce +disturbing or interfering changes. This allows distributors and system +integrators to update their libraries at low risk of unexpected +problems. +</p> + +<p> +For the <b>0.5.5</b> release, the following issues have been fixed: +<ul> + <li>Fix memory (re)allocation in matroskadec.c (MSVR11-011/CVE-2011-3504)</li> + <li>Fix some crashes with invalid bitstreams in the CAVS decoder + (CVE-2011-3362, CVE-2011-3973, CVE-2011-3974)</li> + <li>Compilation fixes for gcc-4.6, testsuite now passes again</li> + <li>Detect and handle overreads in the MJPEG decoder.</li> +</ul> +</p> + +<p> +For the <b>0.6.3</b> release, the following <b>additional</b> changes +have been done: +<ul> + <li>Fix compilation with --enable-hardcoded-tables</li> + <li>Fix races in default av_log handler (possibly exploitable)</li> + <li>lavf: inspect more frames for fps when container time base is coarse</li> + <li>AMV: disable DR1 and don't override EMU_EDGE (addresses http://seclists.org/bugtraq/2011/Apr/257)</li> + <li>Fix a heap corruption issue in the OGG decoder</li> + <li>Backported the Android VisualOn AAC encoder wrapper from 0.7.2</li> +</ul> + +<p> +As always, distributors and system integrators are encouraged to update +and share their patches against our release branches. +</p> + <a name="release_0.7.2"></a><h3>Sept 30 2011</h3> <p> -- 1.7.5.4 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
