From mo at bunkus.online  Mon Jan  4 15:38:10 2021
From: mo at bunkus.online (Moritz Bunkus)
Date: Mon, 04 Jan 2021 15:38:10 +0100
Subject: [Matroska-devel] libEBML v1.4.1 released
Message-ID: <87pn2k4vjl.fsf@bunkus.online>

Hey,

here's a new releases of libEBML, v1.4.1. It fixes an issue when
encountering certain types of invalid data; libEBML might return a pointer
to memory that has just been freed, leading to potential use-after-free
errors.

Here are the download link & ChangeLog entries:

https://dl.matroska.org/downloads/libebml/libebml-1.4.1.tar.xz
https://dl.matroska.org/downloads/libebml/libebml-1.4.1.tar.xz.sha512.txt

ChangeLog:

------------------------------------------------------------
2021-01-04  Moritz Bunkus  <mo at bunkus.online>

        * Release v1.4.1.

2021-01-02  Moritz Bunkus  <mo at bunkus.online>

        * Fixed a case EbmlMaster::Read where the element returned via
        UpperEltFound and FountElt points to a just-deleted element,
        causing callers to think the memory returned is valid, potentially
        leading to use-after-free/double-free errors. This can happen if
        the specific element's Read function throws an exception when
        encountering certain invalid data constellations.
------------------------------------------------------------

Have fun :)

mosu