summaryrefslogtreecommitdiff
path: root/libs/libssh2/docs/RELEASE-NOTES
diff options
context:
space:
mode:
Diffstat (limited to 'libs/libssh2/docs/RELEASE-NOTES')
-rw-r--r--libs/libssh2/docs/RELEASE-NOTES48
1 files changed, 23 insertions, 25 deletions
diff --git a/libs/libssh2/docs/RELEASE-NOTES b/libs/libssh2/docs/RELEASE-NOTES
index 5b78ede381..6c2d7de324 100644
--- a/libs/libssh2/docs/RELEASE-NOTES
+++ b/libs/libssh2/docs/RELEASE-NOTES
@@ -1,31 +1,29 @@
-libssh2 1.8.0
-
-This release includes the following changes:
-
- o added a basic dockerised test suite
- o crypto: add support for the mbedTLS backend
+libssh2 1.8.1
This release includes the following bugfixes:
-
- o libgcrypt: fixed a NULL pointer dereference on OOM
- o VMS: can't use %zd for off_t format
- o VMS: update vms/libssh2_config.h
- o windows: link with crypt32.lib
- o libssh2_channel_open: speeling error fixed in channel error message
- o msvc: fixed 14 compilation warnings
- o tests: HAVE_NETINET_IN_H was not defined correctly
- o openssl: add OpenSSL 1.1.0 compatibility
- o cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
- o configure: make the --with-* options override the OpenSSL default
- o libssh2_wait_socket: set err_msg on errors
- o libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds
+ o fixed possible integer overflow when reading a specially crafted packet
+ (https://www.libssh2.org/CVE-2019-3855.html)
+ o fixed possible integer overflow in userauth_keyboard_interactive with a
+ number of extremely long prompt strings
+ (https://www.libssh2.org/CVE-2019-3863.html)
+ o fixed possible integer overflow if the server sent an extremely large number
+ of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html)
+ o fixed possible out of bounds read when processing a specially crafted packet
+ (https://www.libssh2.org/CVE-2019-3861.html)
+ o fixed possible integer overflow when receiving a specially crafted exit
+ signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html)
+ o fixed possible out of bounds read when receiving a specially crafted exit
+ status message channel packet (https://www.libssh2.org/CVE-2019-3862.html)
+ o fixed possible zero byte allocation when reading a specially crafted SFTP
+ packet (https://www.libssh2.org/CVE-2019-3858.html)
+ o fixed possible out of bounds reads when processing specially crafted SFTP
+ packets (https://www.libssh2.org/CVE-2019-3860.html)
+ o fixed possible out of bounds reads in _libssh2_packet_require(v)
+ (https://www.libssh2.org/CVE-2019-3859.html)
+
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Alexander Lamaison, Antenore Gatta, Brad Harder, Charles Collicutt,
- Craig A. Berry, Dan Fandrich, Daniel Stenberg, Kamil Dudka, Keno Fischer,
- Taylor Holberton, Viktor Szakats, Will Cosgrove, Zenju
- (12 contributors)
-
- Thanks! (and sorry if I forgot to mention someone)
+ Chris Coulson, Michael Buckley, Will Cosgrove, Daniel Stenberg
+ (4 contributors)