Update to 1.8.1
- New upstream release 1.8.1
- Fixed possible integer overflow when reading a specially crafted packet
(CVE-2019-3855)
- Fixed possible integer overflow in userauth_keyboard_interactive with a
number of extremely long prompt strings (CVE-2019-3863)
- Fixed possible integer overflow if the server sent an extremely large
number of keyboard prompts (CVE-2019-3856)
- Fixed possible out of bounds read when processing a specially crafted
packet (CVE-2019-3861)
- Fixed possible integer overflow when receiving a specially crafted exit
signal message channel packet (CVE-2019-3857)
- Fixed possible out of bounds read when receiving a specially crafted exit
status message channel packet (CVE-2019-3862)
- Fixed possible zero byte allocation when reading a specially crafted SFTP
packet (CVE-2019-3858)
- Fixed possible out of bounds reads when processing specially crafted SFTP
packets (CVE-2019-3860)
- Fixed possible out of bounds reads in _libssh2_packet_require(v)
(CVE-2019-3859)
- Fix mis-applied patch in the fix of CVE-2019-3859
- https://github.com/libssh2/libssh2/issues/325
- https://github.com/libssh2/libssh2/pull/327