Name : curl Product : Fedora 15 Version : 7.21.3 Release : 13.fc15 URL : http://curl.haxx.se/ Summary : A utility for getting files from remote servers (FTP, HTTP, and others) Description : curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks.
------------------------------------------------------------------------------- - Update Information:
reject URLs containing bad data (CVE-2012-0036) ------------------------------------------------------------------------------- - ChangeLog:
* Tue Jan 24 2012 Kamil Dudka <kdudka@redhat.com> 7.21.3-13 - reject URLs containing bad data (CVE-2012-0036) * Mon Sep 19 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-12 - curl-config now provides dummy --static-libs option (#733956) - break busy loops in tests 502, 555, and 573 * Sun Aug 21 2011 Paul Howarth <paul@city-fan.org> 7.21.3-11 - actually fix SIGSEGV of curl -O -J given more than one URL (#723075) * Tue Aug 16 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-10 - fix SIGSEGV of curl -O -J given more than one URL (#723075) - introduce the --delegation option of curl (#730444) - initialize NSS with no database if the selected database is broken (#728562) * Wed Aug 3 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-9 - add a new option CURLOPT_GSSAPI_DELEGATION (#719939) * Thu Jun 23 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-8 - do not delegate GSSAPI credentials (CVE-2011-2192) * Wed Jun 8 2011 Kamil Dudka <kdudka@redhat.com> 7.21.3-7 - avoid an invalid timeout event on a reused handle (#679709) - sync the NSS code with upstream f551aa5 (several bug fixes) - sync the code of curl-multi with upstream f551aa5 (several bug fixes) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #773457 - CVE-2012-0036 curl: URL sanitization vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=773457 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update curl' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|