[3.3] libotr: Integer overflow when receiving messages bigger than 4GB (CVE-2016-2851)
Versions 4.1.0 and earlier of libotr in 64-bit builds contain an
overflow security flaw. This flaw could potentially be exploited by a
remote attacker to cause a heap buffer overflow and subsequently for
arbitrary code to be executed on the user’s machine.
Upgrade to libotr 4.1.1
(from redmine: issue id 5256, created on 2016-03-10, closed on 2016-06-15)
main/libotr: upgrade version to 4.1.1 due to CVE-2016-2851 fixes #5256 (cherry picked from commit 719fd59bc6e33da1a3fb549e6c4fa24848c34e91)