CentOS Project, CESA-2013:0771
Apr 24, 2013 - 8:52 p.m.

curl, libcurl security update

2013-04-24 20:52:14
CentOS Project
lists.centos.org

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.008 Low
Percentile: 81.0%

CentOS Errata and Security Advisory CESA-2013:0771

cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.

A flaw was found in the way libcurl matched domains associated with
cookies. This could lead to cURL or an application linked against libcurl
sending the wrong cookie if only part of the domain name matched the domain
associated with the cookie, disclosing the cookie to unrelated hosts.
(CVE-2013-1944)
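
The partial-match behaviour described above can be illustrated with a plain suffix comparison next to a label-boundary-aware one. This is an added example, not libcurl's code or the backported patch; the function names and the .test hostnames are constructed for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality for two NUL-terminated ASCII strings. */
static bool ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;
}

/* Flawed pattern: accepts any host that merely ends with the cookie domain. */
bool tail_match_naive(const char *domain, const char *host)
{
    size_t dlen = strlen(domain), hlen = strlen(host);
    return dlen > 0 && dlen <= hlen && ieq(host + (hlen - dlen), domain);
}

/* Hardened pattern: the match must be exact or begin at a label boundary. */
bool tail_match_strict(const char *domain, const char *host)
{
    size_t dlen, hlen = strlen(host);
    if (*domain == '.')          /* ".example.test" equals "example.test" */
        domain++;
    dlen = strlen(domain);
    if (dlen == 0 || dlen > hlen || !ieq(host + (hlen - dlen), domain))
        return false;
    return hlen == dlen || host[hlen - dlen - 1] == '.';
}

int main(void)
{
    /* Constructed hostnames under the reserved .test TLD. */
    const char *domain = "example.test";
    const char *hosts[] = { "example.test", "www.example.test",
                            "notexample.test", "example.test.other.test" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-26s naive=%d strict=%d\n", hosts[i],
               tail_match_naive(domain, hosts[i]),
               tail_match_strict(domain, hosts[i]));
    return 0;
}
```

The two functions disagree only on notexample.test, the unrelated host that shares a string suffix with the cookie domain.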

Red Hat would like to thank the cURL project for reporting this issue.
Upstream acknowledges YAMADA Yasuharu as the original reporter.

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-April/081864.html
https://lists.centos.org/pipermail/centos-announce/2013-April/081866.html

Affected packages:
curl
curl-devel
libcurl
libcurl-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0771
