Comment 14 for bug 690169

I've backported the first two commits into my local 0.5 release branch, but since AFAIUI this issue is still confidential, I haven't pushed it to git.ffmpeg.org yet. Also, if someone has a CVE Number for the second issue, I can add it to the commit message. This means that both patches are being scheduled for a potential 0.5.4 release.

I've also checked that FFmpeg 0.6 and later have both patches already included.