Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 15 Update: curl-7.21.3-13.fc15
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Saturday 11th February 2012 22:04:59 UTC (over 4 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0888
2012-01-24 19:20:27
--------------------------------------------------------------------------------

Name        : curl
Product     : Fedora 15
Version     : 7.21.3
Release     : 13.fc15
URL         : http://curl.haxx.se/
Summary     : A utility for getting files from remote servers (FTP, HTTP,
and others)
Description :
curl is a command line tool for transferring data with URL syntax,
supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE,
IMAP,
SMTP, POP3 and RTSP.  curl supports SSL certificates, HTTP POST, HTTP PUT,
FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.

--------------------------------------------------------------------------------
Update Information:

reject URLs containing bad data (CVE-2012-0036)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 24 2012 Kamil Dudka  7.21.3-13
- reject URLs containing bad data (CVE-2012-0036)
* Mon Sep 19 2011 Kamil Dudka  7.21.3-12
- curl-config now provides dummy --static-libs option (#733956)
- break busy loops in tests 502, 555, and 573
* Sun Aug 21 2011 Paul Howarth  7.21.3-11
- actually fix SIGSEGV of curl -O -J given more than one URL (#723075)
* Tue Aug 16 2011 Kamil Dudka  7.21.3-10
- fix SIGSEGV of curl -O -J given more than one URL (#723075)
- introduce the --delegation option of curl (#730444)
- initialize NSS with no database if the selected database is broken
(#728562)
* Wed Aug  3 2011 Kamil Dudka  7.21.3-9
- add a new option CURLOPT_GSSAPI_DELEGATION (#719939)
* Thu Jun 23 2011 Kamil Dudka  7.21.3-8
- do not delegate GSSAPI credentials (CVE-2011-2192)
* Wed Jun  8 2011 Kamil Dudka  7.21.3-7
- avoid an invalid timeout event on a reused handle (#679709)
- sync the NSS code with upstream f551aa5 (several bug fixes)
- sync the code of curl-multi with upstream f551aa5 (several bug fixes)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #773457 - CVE-2012-0036 curl: URL sanitization vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=773457
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update curl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms