Overview

File _patchinfo of Package patchinfo.1898

<patchinfo incident="1898">
  <issue id="936676" tracker="bnc">sles12 curl package has bug implementing curl-secure-getenv.patch</issue>
  <issue id="962996" tracker="bnc">curl: expired cookie causes failure of test 46</issue>
  <issue id="962983" tracker="bnc">VUL-0: CVE-2016-0755: curl: libcurl NTLM credentials not-checked for proxy connection re-use</issue>
  <issue id="934333" tracker="bnc">Run curl testsuite during build</issue>
  <issue id="CVE-2016-0755" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>vitezslav_cizek</packager>
  <description>
This update for curl fixes the following issues:

- CVE-2016-0755: libcurl would reuse NTLM-authenticated proxy connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer (bsc#962983)

The following non-security bugs were fixed:

- bsc#936676: secure_getenv or __secure_getenv may not be detected correctly at build time

The following tracked bugs only affect the test suite:

- bsc#962996: Expired cookie in test 46 caused test failures
- bsc#934333: Curl test suite was not run, is now enabled during build
</description>
  <summary>Security update for curl</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places