Resolved Bugs
1214183 – CVE-2015-3148 curl: “Negotiate” not treated as connection-oriented [fedora-all]
1213306 – CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
1214181 – CVE-2015-3144 curl: host name out of boundary memory access [fedora-all]
1213347 – CVE-2015-3145 curl: cookie parser out of boundary memory access
1213351 – CVE-2015-3148 curl: “Negotiate” not treated as connection-oriented
1214184 – CVE-2015-3143 curl: re-using authenticated connection when unauthenticated [fedora-all]
1213335 – CVE-2015-3144 curl: host name out of boundary memory access
1214182 – CVE-2015-3145 curl: cookie parser out of boundary memory access [fedora-all]<br
– require credentials to match for NTLM re-use (CVE-2015-3143)
– fix invalid write with a zero-length host name in URL (CVE-2015-3144)
– fix invalid write in cookie path sanitization code (CVE-2015-3145)
– close Negotiate connections when done (CVE-2015-3148)