MDVSA-2015:021: curl

Updated curl packages fix security vulnerability:

When libcurl sends a request to a server via a HTTP proxy, it copies
the entire URL into the request and sends if off. If the given URL
contains line feeds and carriage returns those will be sent along to
the proxy too, which allows the program to for example send a separate
HTTP request injected embedded in the URL (CVE-2014-8150).

Leave a Reply