From c83889f17b35876c9575ca5cc9644e63b006981a Mon Sep 17 00:00:00 2001
From: Darren Salt <linux@youmustbejoking.demon.co.uk>
Date: Fri, 25 Jan 2008 21:58:29 +0000
Subject: Changelog update.

---
 ChangeLog | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 39be0ed4e..75ac42bf8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,8 @@
 xine-lib (1.1.10) (unreleased)
+  * Security fixes:
+    - Buffer overflow which allows a remote attacker to execute arbitrary
+      code or crash the client program via a crafted ASF header. 
+      (Related to CVE-2006-1664)
   * Update Ogg and Annodex mimetypes and extensions.
   * Change the default v4l device paths to /dev/video0 and /dev/radio0.
   * Fix support for subtitles with schemes (e.g. http://), partly broken
@@ -8,10 +12,9 @@ xine-lib (1.1.10) (unreleased)
     end authors should be careful with xine-lib older than 1.1.10.
   * Backported xine-config & libxine.pc from 1.2.
     Consequently, xine-config now requires pkg-config.
-  * Sanity-check ASF header sizes. This fixes a crash in the ASF demuxer,
-    caused by the example exploit given for CVE-2006-1664.
   * Don't discard audio samples forever. Fixed streaming playback.
   * Fix a possible crash on channel change in the DVB plugin.
+  * Flash video demuxer improvements and bug fixes.
 
 xine-lib (1.1.9.1) 2008-01-11
   * Security fixes:
-- 
cgit v1.2.3