diff -r 0e9e4df266f6 -r 10a6bc10e58f ChangeLog --- a/ChangeLog Thu Feb 07 23:10:15 2008 +0000 +++ b/ChangeLog Wed Mar 19 14:04:23 2008 +0000 
@@ -1,8 +1,35 @@ xine-lib (1.1.10.1) 2008-02-07 +xine-lib (1.1.11) 2008-03-19 + * Security fixes: + - Array Indexing Vulnerability in sdpplin_parse(). (CVE-2008-0073) + * Reworked the plugin directory naming so that external plugins don't have + to be rebuilt for every release. We now use a naming scheme based on the + API/ABI versioning, checking older directories - with this release, the + plugin directory name is 1.20, and if this gets bumped to 1.21 in a + future release, 1.20 will still be available for external plugins. + (Any directories not 1.* won't be looked in.) + * Made the version parsing much more reliable; it wasn't properly coping + with four-part version numbers. This affects any program whose build + scripts use xine-lib's automake macros. + * Fixed an off-by-one in the FLAC security fix patch. This breakage was + causing failure to play some files. + * Support 16-bit big-endian DTS audio. + * Improved frame snapshot API. (ABI extension.) + * Re-add support for # (stream parameter separator) in raw filenames, + without the bugs found in the original implementation. + (This is a convenience feature for users only. Front ends which rely on + it for functions like subtitle file detection must instead use file:// + MRLs; if they don't, we consider them to be buggy.) + * Fixed long delay when closing stream on dual core systems [Bug #33] + xine-lib (1.1.10.1) 2008-02-07 * Security fixes: - Array index vulnerability which may allow remote attackers to execute arbitrary code via a crafted FLAC tag, causing a stack buffer overflow. (CVE-2008-0486) + - Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) + which may allow remote attackers to cause a denial of service (crash) + or possibly execute arbitrary code via a Matroska file with invalid + frame sizes. (CVE-2008-1161) * Fix a RealPlayer codec detection bug. * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag size. 
@@ -11,7 +38,7 @@ xine-lib (1.1.10) 2008-01-26 * Security fixes: - Buffer overflow which allows a remote attacker to execute arbitrary code or crash the client program via a crafted ASF header. - (Related to CVE-2006-1664) + (CVE-2008-1110, related to CVE-2006-1664) * Update Ogg and Annodex mimetypes and extensions. * Change the default v4l device paths to /dev/video0 and /dev/radio0. * Fix support for subtitles with schemes (e.g. http://), partly broken
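Review bot: In the first hunk (the new 1.1.11 section), the entry "Fixed an off-by-one in the FLAC security fix patch" sits among the general changes with no reference to CVE-2008-0486, and it mentions only the playback failure, so a reader cannot tell whether the off-by-one also weakened the fix that 1.1.10.1 shipped. Suggest listing it under "Security fixes" or adding the CVE id and a sentence on whether 1.1.10.1 is still adequately protected. The same hunk appends the Matroska entry (CVE-2008-1161) to the 1.1.10.1 section dated 2008-02-07; mark it as a retroactive addition or repeat it under 1.1.11, so packagers who read only the newest section see it. The sdpplin_parse() entry (CVE-2008-0073) states no impact, unlike the other security entries in this file.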
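Review bot: In the second hunk (1.1.10 section), "(CVE-2008-1110, related to CVE-2006-1664)" does not say how the two are related, for example an incomplete earlier fix or a separate flaw reached through the same crafted ASF header. Suggest stating that in a few words, since it decides whether a distribution that already patched CVE-2006-1664 still needs this update.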