From mo at bunkus.online  Thu Feb 18 13:21:46 2021
From: mo at bunkus.online (Moritz Bunkus)
Date: Thu, 18 Feb 2021 13:21:46 +0100
Subject: [Matroska-devel] libEBML v1.4.2 & libMatroska v1.6.3 released
Message-ID: <87mtw14ld3.fsf@bunkus.online>

Hey,

there's a heap overflow bug in libEBML v1.4.1 (CVE-2021-3405) that has just
been fixed with the release of v1.4.2.

libMatroska v1.6.3 on the other hand is solely a feature enhancement.

Both libraries are API & ABI compatible with their previous releases.

Here are the download link & ChangeLog entries:

https://dl.matroska.org/downloads/libebml/libebml-1.4.2.tar.xz
https://dl.matroska.org/downloads/libebml/libebml-1.4.2.tar.xz.sha512.txt

https://dl.matroska.org/downloads/libmatroska/libmatroska-1.6.3.tar.xz
https://dl.matroska.org/downloads/libmatroska/libmatroska-1.6.3.tar.xz.sha512.txt

ChangeLog libEBML:

------------------------------------------------------------
2021-02-18  Moritz Bunkus  <mo at bunkus.online>

        * Release v1.4.2.

        * Fixed several heap overflow bugs in the `ReadData` functions of
        various data type classes. This fixes CVE-2021-3405.
------------------------------------------------------------

ChangeLog libMatroska:

------------------------------------------------------------
2021-02-18  Moritz Bunkus  <mo at bunkus.online>

        * Release v1.6.3.

        * libEBML v1.4.2 is now required.

        * Added classes for new track header elements:
        "KaxFlagHearingImpaired", "KaxFlagVisualImpaired",
        "KaxFlagTextDescriptions", "KaxFlagOriginal" and
        "KaxFlagCommentary".
------------------------------------------------------------

Have fun :)

mosu