Release notes and changelog for 0.5.7

Changelog

@@ -2,6 +2,20 @@ Entries are sorted chronologically from oldest to youngest within each release,
 releases are sorted from youngest to oldest.
 
 
+version 0.5.8:
+
+- id3v2: fix skipping extended header in id3v2.4
+- nsvdec: Several bugfixes related to CVE-2011-3940
+- dv: check stype
+- dv: Fix null pointer dereference due to ach=0
+- dv: Fix small stack overread related to CVE-2011-3929 and CVE-2011-3936.
+- atrac3: Fix crash in tonal component decoding, fixes CVE-2012-0853
+- mjpegbdec: Fix overflow in SOS, fixes CVE-2011-3947
+- motionpixels: Clip YUV values after applying a gradient.
+- vqavideo: return error if image size is not a multiple of block size,
+  fixes CVE-2012-0947.
+
+
 version 0.5.7:
 - vorbis: An additional defense in the Vorbis codec. (CVE-2011-3895)
 - vorbisdec: Fix decoding bug with channel handling.

RELEASE

@@ -187,3 +187,19 @@ demuxer (CVE-2011-3893 and CVE-2011-3895).
 Distributors and system integrators are encouraged
 to update and share their patches against this branch.  For a full list
 of changes please see the Changelog file.
+
+* 0.5.8 May 10, 2012
+
+General notes
+-------------
+
+This maintenance-only release that addresses a number a number of
+security issues that have been brought to our attention. Among other
+(rather minor) fixes, this release features fixes for the DV decoder
+(CVE-2011-3929 and CVE-2011-3936), nsvdec (CVE-2011-3940), Atrac3
+(CVE-2012-0853), mjpegdec (CVE-2011-3947) and the VQA video decoder
+(CVE-2012-0947).
+
+Distributors and system integrators are encouraged
+to update and share their patches against this branch.  For a full list
+of changes please see the Changelog file.