ELSA-2015-1254

Published: Jul 28, 2015
Source: oracle-oval
Platform: Oracle Linux 6

Description

ELSA-2015-1254: curl security, bug fix, and enhancement update (MODERATE)

[7.19.7-46]

  • require credentials to match for NTLM re-use (CVE-2015-3143)
  • close Negotiate connections when done (CVE-2015-3148)

[7.19.7-45]

  • reject CRLFs in URLs passed to proxy (CVE-2014-8150)

[7.19.7-44]

  • use only full matches for hosts used as IP address in cookies (CVE-2014-3613)
  • fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707)

[7.19.7-43]

  • fix manpage typos found using aspell (#1011101)
  • fix comments about loading CA certs with NSS in man pages (#1011083)
  • fix handling of DNS cache timeout while a transfer is in progress (#835898)
  • eliminate unnecessary inotify events on upload via file protocol (#883002)
  • use correct socket type in the examples (#997185)
  • do not crash if MD5 fingerprint is not provided by libssh2 (#1008178)
  • fix SIGSEGV of curl --retry when network is down (#1009455)
  • allow to use TLS 1.1 and TLS 1.2 (#1012136)
  • docs: update the links to cipher-suites supported by NSS (#1104160)
  • allow to use ECC ciphers if NSS implements them (#1058767)
  • make curl --trace-time print correct time (#1120196)
  • let tool call PR_Cleanup() on exit if NSPR is used (#1146528)
  • ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth (#1154747)
  • allow to enable/disable new AES cipher-suites (#1156422)
  • include response headers added by proxy in CURLINFO_HEADER_SIZE (#1161163)
  • disable libcurl-level downgrade to SSLv3 (#1154059)

[7.19.7-42]

  • do not force connection close after failed HEAD request (#1168137)
  • fix occasional SIGSEGV during SSL handshake (#1168668)

[7.19.7-41]

  • fix a connection failure when FTPS handle is reused (#1154663)

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • curl: 7.19.7-46.el6
  • libcurl: 7.19.7-46.el6
  • libcurl-devel: 7.19.7-46.el6

Oracle Linux i686

  • curl: 7.19.7-46.el6
  • libcurl: 7.19.7-46.el6
  • libcurl-devel: 7.19.7-46.el6

Related vulnerabilities

oracle-oval
more than 9 years ago

ELSA-2015-2159: curl security, bug fix, and enhancement update (MODERATE)

ubuntu
almost 11 years ago

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

redhat
almost 11 years ago

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

nvd
almost 11 years ago

cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.

debian
almost 11 years ago

cURL and libcurl before 7.38.0 does not properly handle IP addresses i ...