libssh2/RELEASE-NOTES

libssh2 1.8.1

This release includes the following bugfixes:
 
 o fixed possible integer overflow when reading a specially crafted packet 
   (https://www.libssh2.org/CVE-2019-3855.html)
 o fixed possible integer overflow in userauth_keyboard_interactive with a 
   number of extremely long prompt strings 
   (https://www.libssh2.org/CVE-2019-3863.html)
 o fixed possible integer overflow if the server sent an extremely large number 
   of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html)
 o fixed possible out of bounds read when processing a specially crafted packet 
   (https://www.libssh2.org/CVE-2019-3861.html)
 o fixed possible integer overflow when receiving a specially crafted exit 
   signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html)
 o fixed possible out of bounds read when receiving a specially crafted exit 
   status message channel packet (https://www.libssh2.org/CVE-2019-3862.html)
 o fixed possible zero byte allocation when reading a specially crafted SFTP 
   packet (https://www.libssh2.org/CVE-2019-3858.html)
 o fixed possible out of bounds reads when processing specially crafted SFTP 
   packets (https://www.libssh2.org/CVE-2019-3860.html)
 o fixed possible out of bounds reads in _libssh2_packet_require(v) 
   (https://www.libssh2.org/CVE-2019-3859.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Chris Coulson, Michael Buckley, Will Cosgrove, Daniel Stenberg
  (4 contributors)
Release notes from 1.8.1 2019-03-14 16:22:36 -07:00			`libssh2 1.8.1`
RELEASE-NOTES: 1.7.0 release 2016-02-23 08:21:18 +01:00
RELEASE-NOTES: fixed for 1.4.3 2012-11-27 22:39:18 +01:00			`This release includes the following bugfixes:`
bump: start working toward 1.5.1 now 2015-03-11 08:21:09 +01:00
Release notes from 1.8.1 2019-03-14 16:22:36 -07:00			`o fixed possible integer overflow when reading a specially crafted packet`
			`(https://www.libssh2.org/CVE-2019-3855.html)`
			`o fixed possible integer overflow in userauth_keyboard_interactive with a`
			`number of extremely long prompt strings`
			`(https://www.libssh2.org/CVE-2019-3863.html)`
			`o fixed possible integer overflow if the server sent an extremely large number`
			`of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html)`
			`o fixed possible out of bounds read when processing a specially crafted packet`
			`(https://www.libssh2.org/CVE-2019-3861.html)`
			`o fixed possible integer overflow when receiving a specially crafted exit`
			`signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html)`
			`o fixed possible out of bounds read when receiving a specially crafted exit`
			`status message channel packet (https://www.libssh2.org/CVE-2019-3862.html)`
			`o fixed possible zero byte allocation when reading a specially crafted SFTP`
			`packet (https://www.libssh2.org/CVE-2019-3858.html)`
			`o fixed possible out of bounds reads when processing specially crafted SFTP`
			`packets (https://www.libssh2.org/CVE-2019-3860.html)`
			`o fixed possible out of bounds reads in _libssh2_packet_require(v)`
			`(https://www.libssh2.org/CVE-2019-3859.html)`

Release notes for the pending release I hope to maintain this file during development so that we also add changes and bugfixes to it when we change things. Makes the daily snapshots better and makes less of a hurdle when the release day comes. 2009-07-29 14:35:42 +02:00			`This release would not have looked like this without help, code, reports and`
			`advice from friends like these:`

Release notes from 1.8.1 2019-03-14 16:22:36 -07:00			`Chris Coulson, Michael Buckley, Will Cosgrove, Daniel Stenberg`
			`(4 contributors)`