Security update for curl
Curl was updated to fix two security issues and enable metalink support
The following vulnerabilities were fixed:
* CVE-2015-3236: libcurl could have wrongly send HTTP credentials when re-using connections (boo#934501)
* CVE-2015-3237: libcurl could have been tricked by a malicious SMB server to send off data it did not intend to (boo#934502)
The following feature was enabled:
* boo#851126: enable metalink support.
-
Submitted by
Michael Vetter (jubalh)
Fixed bugs
bnc#851126
curl not built with metalink support
bnc#934501
VUL-0: CVE-2015-3236: curl: lingering HTTP credentials in connection re-use
bnc#934502
VUL-1: CVE-2015-3237: curl: SMB send off unrelated memory contents
