PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-26 16:19:03 +00:00
Code Issues Projects Releases Wiki Activity

Update libssh2 to 1.8.1. Fixes #1523

Browse Source
This commit is contained in:
dmiller
2019-03-20 03:33:51 +00:00
parent 840af24083
commit 2f7b505bd8
31 changed files with 976 additions and 456 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
libssh2/RELEASE-NOTES
View File

@@ -1,31 +1,29 @@
libssh2 1.8.0
This release includes the following changes:
o added a basic dockerised test suite
o crypto: add support for the mbedTLS backend
libssh2 1.8.1
This release includes the following bugfixes:
o libgcrypt: fixed a NULL pointer dereference on OOM
o VMS: can't use %zd for off_t format
o VMS: update vms/libssh2_config.h
o windows: link with crypt32.lib
o libssh2_channel_open: speeling error fixed in channel error message
o msvc: fixed 14 compilation warnings
o tests: HAVE_NETINET_IN_H was not defined correctly
o openssl: add OpenSSL 1.1.0 compatibility
o cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
o configure: make the --with-* options override the OpenSSL default
o libssh2_wait_socket: set err_msg on errors
o libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds
o fixed possible integer overflow when reading a specially crafted packet
(https://www.libssh2.org/CVE-2019-3855.html)
o fixed possible integer overflow in userauth_keyboard_interactive with a
number of extremely long prompt strings
(https://www.libssh2.org/CVE-2019-3863.html)
o fixed possible integer overflow if the server sent an extremely large number
of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html)
o fixed possible out of bounds read when processing a specially crafted packet
(https://www.libssh2.org/CVE-2019-3861.html)
o fixed possible integer overflow when receiving a specially crafted exit
signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html)
o fixed possible out of bounds read when receiving a specially crafted exit
status message channel packet (https://www.libssh2.org/CVE-2019-3862.html)
o fixed possible zero byte allocation when reading a specially crafted SFTP
packet (https://www.libssh2.org/CVE-2019-3858.html)
o fixed possible out of bounds reads when processing specially crafted SFTP
packets (https://www.libssh2.org/CVE-2019-3860.html)
o fixed possible out of bounds reads in _libssh2_packet_require(v)
(https://www.libssh2.org/CVE-2019-3859.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Alexander Lamaison, Antenore Gatta, Brad Harder, Charles Collicutt,
Craig A. Berry, Dan Fandrich, Daniel Stenberg, Kamil Dudka, Keno Fischer,
Taylor Holberton, Viktor Szakats, Will Cosgrove, Zenju
(12 contributors)
Thanks! (and sorry if I forgot to mention someone)
Chris Coulson, Michael Buckley, Will Cosgrove, Daniel Stenberg
(4 contributors)