diff options
Diffstat (limited to 'libs/libssh2/docs')
| -rw-r--r-- | libs/libssh2/docs/RELEASE-NOTES | 48 |
1 files changed, 23 insertions, 25 deletions
diff --git a/libs/libssh2/docs/RELEASE-NOTES b/libs/libssh2/docs/RELEASE-NOTES index 5b78ede381..6c2d7de324 100644 --- a/libs/libssh2/docs/RELEASE-NOTES +++ b/libs/libssh2/docs/RELEASE-NOTES @@ -1,31 +1,29 @@ -libssh2 1.8.0 - -This release includes the following changes: - - o added a basic dockerised test suite - o crypto: add support for the mbedTLS backend +libssh2 1.8.1 This release includes the following bugfixes: - - o libgcrypt: fixed a NULL pointer dereference on OOM - o VMS: can't use %zd for off_t format - o VMS: update vms/libssh2_config.h - o windows: link with crypt32.lib - o libssh2_channel_open: speeling error fixed in channel error message - o msvc: fixed 14 compilation warnings - o tests: HAVE_NETINET_IN_H was not defined correctly - o openssl: add OpenSSL 1.1.0 compatibility - o cmake: Add CLEAR_MEMORY option, analogously to that for autoconf - o configure: make the --with-* options override the OpenSSL default - o libssh2_wait_socket: set err_msg on errors - o libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds + o fixed possible integer overflow when reading a specially crafted packet + (https://www.libssh2.org/CVE-2019-3855.html) + o fixed possible integer overflow in userauth_keyboard_interactive with a + number of extremely long prompt strings + (https://www.libssh2.org/CVE-2019-3863.html) + o fixed possible integer overflow if the server sent an extremely large number + of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html) + o fixed possible out of bounds read when processing a specially crafted packet + (https://www.libssh2.org/CVE-2019-3861.html) + o fixed possible integer overflow when receiving a specially crafted exit + signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html) + o fixed possible out of bounds read when receiving a specially crafted exit + status message channel packet (https://www.libssh2.org/CVE-2019-3862.html) + o fixed possible zero byte allocation when reading a specially crafted SFTP + packet (https://www.libssh2.org/CVE-2019-3858.html) + o fixed possible out of bounds reads when processing specially crafted SFTP + packets (https://www.libssh2.org/CVE-2019-3860.html) + o fixed possible out of bounds reads in _libssh2_packet_require(v) + (https://www.libssh2.org/CVE-2019-3859.html) + This release would not have looked like this without help, code, reports and advice from friends like these: - Alexander Lamaison, Antenore Gatta, Brad Harder, Charles Collicutt, - Craig A. Berry, Dan Fandrich, Daniel Stenberg, Kamil Dudka, Keno Fischer, - Taylor Holberton, Viktor Szakats, Will Cosgrove, Zenju - (12 contributors) - - Thanks! (and sorry if I forgot to mention someone) + Chris Coulson, Michael Buckley, Will Cosgrove, Daniel Stenberg + (4 contributors) |