CVE references (backport)

NEWS

 $Id$
 
+CVE IDs pending: 2008-0295, 2008-0296, 2007-6681, 2007-6682, 2007-6683
+
 Changes between 0.8.6d and 0.8.6e (not yet released):
 -----------------------------------------------------
 
@@ -45,7 +47,7 @@ Windows and Mac OS Binaries
  * FLAC Security Update (CVE-2007-4619) to prevent multiple integer overflows 
 
 Active X plugin:
- * Security update (VideoLAN-SA-0703)
+ * Security update (VideoLAN-SA-0703, CVE-2007-6262)
  
 Mac OS X Interface & Port:
  * Apple Remote support on Mac OS X 10.5 Leopard with enhanced functionality
@@ -61,7 +63,8 @@ Encoders:
 Other changes:
  * The automatic updating facility was removed
  * You now need to append --m3u-extvlcopt to your command line to enable
-   EXTVLCOPT options parsing in m3u playlists.
+   EXTVLCOPT options parsing in m3u playlists (CVE-2007-6683).
+ * RTSP server remote denial of service fixed (CVE-2007-6684).
 
 
 Changes between 0.8.6b and 0.8.6c:
@@ -76,10 +79,11 @@ Various bugfixes, notably:
  * MKV demuxer crash (related to seeking)
 
 CDDA / Vorbis / Theora / SAP plugins:
- * Security updates (VideoLAN-SA-0702, CVE-2007-3316)
+ * Security updates (VideoLAN-SA-0702, CVE-2007-3316, US-CERT VU#200928)
 
 Demuxers:
  * Fixed a problem with detecting embedded subtitles (GAB2 format) in AVI
+ * Prevent WAV file integer overflow (CVE-2007-3467 & CVE-2007-3468)
 
 Decoders:
  * Updated FLAC API compatibility
@@ -120,7 +124,7 @@ Changes between 0.8.6 and 0.8.6a:
 ---------------------------------
 
 CDDA / VCDX plugins:
- * Security updates (VideoLAN-SA-0701)
+ * Security updates (VideoLAN-SA-0701, CVE-2007-0017)
 
 Mac OS X Interface:
  * Fullscreen controller improvements