Resolved Bugs
1214183 – CVE-2015-3148 curl: “Negotiate” not treated as connection-oriented [fedora-all]
1214184 – CVE-2015-3143 curl: re-using authenticated connection when unauthenticated [fedora-all]
1214182 – CVE-2015-3145 curl: cookie parser out of boundary memory access [fedora-all]
1213351 – CVE-2015-3148 curl: “Negotiate” not treated as connection-oriented
1213306 – CVE-2015-3143 curl: re-using authenticated connection when unauthenticated
1213347 – CVE-2015-3145 curl: cookie parser out of boundary memory access<br
– require credentials to match for NTLM re-use (CVE-2015-3143)
– fix invalid write in cookie path sanitization code (CVE-2015-3145)
– close Negotiate connections when done (CVE-2015-3148)