curl security, bug fix, and enhancement update

2017-08-07T00:00:00
ID ELSA-2017-2016
Type oraclelinux
Reporter Oracle
Modified 2017-08-07T00:00:00

Description

[7.29.0-42] - fix use of uninitialized variable detected by Covscan [7.29.0-41] - make FTPS work with --proxytunnel (#1420327) [7.29.0-40] - make FTPS work with --proxytunnel (#1420327) [7.29.0-39] - work around race condition in PK11_FindSlotByName() in NSS (#1404815) [7.29.0-38] - make FTPS work with --proxytunnel (#1420327) [7.29.0-37] - fix tight loop in non-blocking TLS handhsake over proxy (#1388162) - handle cookies with numerical IPv6 address (#1341503) - make libcurl recognize chacha20-poly1305 and SHA384 cipher-suites (#1374740) - curl -E: allow to escape ':' in cert nickname (#1376062) - run automake in %prep to avoid patching Makefile.in files from now on [7.29.0-36] - reject negative string lengths in curl_easy_[un]escape() (CVE-2016-7167)