From 9db4cd9e5b2ebb3abfc931f36e3d12713bae946d Mon Sep 17 00:00:00 2001
From: =?utf8?q?R=C3=A9mi=20Denis-Courmont?= <rem@videolan.org>
Date: Sat, 19 Jan 2008 20:38:59 +0000
Subject: [PATCH] CVE references

---
 NEWS | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 15edf3817e..6d9147441e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,7 @@
 $Id$
 
+CVE IDs pending: 2008-0295, 2008-0296, 2007-6681, 2007-6682, 2007-6683
+
 Changes between 0.8.6 and 0.9.0-svn (not released yet):
 -------------------------------------------------------
 
@@ -34,7 +36,7 @@ Important notes:
      New: '#rtp{dst=239.255.1.2,sap}'
  * You now need to append --m3u-extvlcopt to your command line to enable
    EXTVLCOPT options parsing in m3u playlists. Note that only a limited set
-   of options is available to m3u playlists.
+   of options is available to m3u playlists (CVE-2007-6683).
 
 Changes:
 --------
@@ -191,7 +193,7 @@ Windows and Mac OS Binaries
  * FLAC Security Update (CVE-2007-4619) to prevent multiple integer overflows 
 
 Active X plugin:
- * Security update (VideoLAN-SA-0703)
+ * Security update (VideoLAN-SA-0703, CVE-2007-6262)
  
 Mac OS X Interface & Port:
  * Apple Remote support on Mac OS X 10.5 Leopard with enhanced functionality
@@ -208,6 +210,7 @@ Other changes:
  * The automatic updating facility was removed
  * You now need to append --m3u-extvlcopt to your command line to enable
    EXTVLCOPT options parsing in m3u playlists.
+ * RTSP server remote denial of service fixed (CVE-2007-6684).
 
 
 Changes between 0.8.6b and 0.8.6c:
@@ -222,10 +225,11 @@ Various bugfixes, notably:
  * MKV demuxer crash (related to seeking)
 
 CDDA / Vorbis / Theora / SAP plugins:
- * Security updates (VideoLAN-SA-0702, CVE-2007-3316)
+ * Security updates (VideoLAN-SA-0702, CVE-2007-3316, US-CERT VU#200928)
 
 Demuxers:
  * Fixed a problem with detecting embedded subtitles (GAB2 format) in AVI
+ * Prevent WAV file integer overflow (CVE-2007-3467 & CVE-2007-3468)
 
 Decoders:
  * Updated FLAC API compatibility
@@ -266,7 +270,7 @@ Changes between 0.8.6 and 0.8.6a:
 ---------------------------------
 
 CDDA / VCDX plugins:
- * Security updates (VideoLAN-SA-0701)
+ * Security updates (VideoLAN-SA-0701, CVE-2007-0017)
 
 Mac OS X Interface:
  * Fullscreen controller improvements
-- 
2.39.2