Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="3842">
  <packager>jubalh</packager>
  <issue tracker="bnc" id="851126">curl not built with metalink support</issue>
  <issue tracker="cve" id="CVE-2015-3237"></issue>
  <issue tracker="cve" id="CVE-2015-3236"></issue>
  <issue tracker="bnc" id="934501">VUL-0: CVE-2015-3236: curl: lingering HTTP credentials in connection re-use</issue>
  <issue tracker="bnc" id="934502">VUL-1: CVE-2015-3237: curl: SMB send off unrelated memory contents</issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update for curl</summary>
  <description>Curl was updated to fix two security issues and enable metalink support

The following vulnerabilities were fixed:

* CVE-2015-3236: libcurl could have wrongly send HTTP credentials when re-using connections (boo#934501)
* CVE-2015-3237: libcurl could have been tricked by a malicious SMB server to send off data it did not intend to (boo#934502)

The following feature was enabled:

* boo#851126: enable metalink support.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places