Opened 8 years ago

Closed 8 years ago

#6618 closed enhancement (fixed)


Reported by: Fernando de Oliveira
Owned by: Fernando de Oliveira
Priority: high
Milestone: 7.8
Component: BOOK
Version: SVN
Severity: normal
Keywords:

Description (last modified by Fernando de Oliveira) (CVE-2015-3236) (CVE-2015-3237)


 Fixed in 7.43.0 - June 17 2015


   • New curl option: --proxy-service-name
   • New curl option: --service-name
   • New curl option: --data-raw
   • Added support for multiplexing transfers using HTTP/2, enable this
   • HTTP/2: requires nghttp2 1.0.0 or later
   • scripts: add for generating zsh completion
   • curl.h: add CURL_HTTP_VERSION_2 


   • CVE-2015-3236: lingering HTTP credentials in connection re-use
   • CVE-2015-3237: SMB send off unrelated memory contents
   • nss: fix compilation failure with old versions of NSS
   • curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
   • schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
   • Curl_ossl_init: load builtin modules
   • configure: follow-up fix for krb5-config
   • sasl_sspi: Populate domain from the realm in the challenge
   • netrc: support 'default' token
   • README: convert to UTF-8
   • cyassl: Implement public key pinning
   • nss: implement public key pinning for NSS backend
   • mingw build: add arch -m32/-m64 to LDFLAGS
   • schannel: Fix out of bounds array
   • configure: remove autogenerated files by autoconf
   • configure: remove --automake from libtoolize call
   • acinclude.m4: fix shell test for default CA cert bundle/path
   • schannel: fix regression in schannel_recv
   • openssl: skip trace outputs for ssl_ver == 0
   • gnutls: properly retrieve certificate status
   • netrc: Read in text mode when cygwin
   • winbuild: Document the option used to statically link the CRT
   • FTP: Make EPSV use the control IP address rather than the original
   • FTP: fix dangling conn->ip_addr dereference on verbose EPSV
   • conncache: keep bundles on host+port bases, not only host names
   • use 'h2c' now, no -14 anymore
   • curlver: introducing new version number (checking) macros
   • openssl: boringssl build breakage, use SSL_CTX_set_msg_callback
   • CURLOPT_POSTFIELDS.3: correct variable names
   • curl_easy_unescape.3: update RFC reference
   • gnutls: don't fail on non-fatal alerts during handshake
   • allow source to be in an arbitrary directory
   • CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy
   • SSPI-error: Change SEC_E_ILLEGAL_MESSAGE description
   • parse_proxy: switch off tunneling if non-HTTP proxy
   • share_init: fix OOM crash
   • perl: remove subdir, not touched in 9 years
   • CURLOPT_COOKIELIST.3: Add example
   • CURLOPT_COOKIE.3: Explain that the cookies won't be modified
   • CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain
   • FAQ: How do I port libcurl to my OS?
   • openssl: Use TLS_client_method for OpenSSL 1.1.0+
   • HTTP-NTLM: fail auth on connection close instead of looping
   • curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
   • curl_getdate.3: update RFC reference
   • curl_multi_info_read.3: added example
   • curl_multi_perform.3: added example
   • curl_multi_timeout.3: added example
   • cookie: Stop exporting any-domain cookies
   • openssl: remove dummy callback use from SSL_CTX_set_verify()
   • openssl: remove SSL_get_session()-using code
   • openssl: removed USERDATA_IN_PWD_CALLBACK kludge
   • openssl: removed error string #ifdef
   • openssl: Fix verification of server-sent legacy intermediates
   • docs: man page indentation and syntax fixes
   • docs: Spelling fixes
   • fopen.c: fix a few compiler warnings
   • CURLOPT_OPENSOCKETFUNCTION: return error at once
   • schannel: Add support for optional client certificates
   • build: Properly detect OpenSSL 1.0.2 when using configure
   • urldata: store POST size in state.infilesize too
   • security:choose_mech remove dead code
   • rtsp_do: remove dead code
   • docs: many HTTP URIs changed to HTTPS
   • schannel: schannel_recv overhaul

Change History (4)

comment:1 by Fernando de Oliveira, 8 years ago

Priority: normal → high

comment:2 by Fernando de Oliveira, 8 years ago

Description: modified (diff)

comment:3 by Fernando de Oliveira, 8 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: new → assigned

comment:4 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: assigned → closed

fixed at r16135.
