Hello community, here is the log from the commit of package patchinfo.3842 for openSUSE:13.2:Update checked in at 2015-06-24 14:41:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.3842 (Old) and /work/SRC/openSUSE:13.2:Update/.patchinfo.3842.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patchinfo.3842" Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="3842"> <packager>jubalh</packager> <issue tracker="bnc" id="851126">curl not built with metalink support</issue> <issue tracker="cve" id="CVE-2015-3237"></issue> <issue tracker="cve" id="CVE-2015-3236"></issue> <issue tracker="bnc" id="934501">VUL-0: CVE-2015-3236: curl: lingering HTTP credentials in connection re-use</issue> <issue tracker="bnc" id="934502">VUL-1: CVE-2015-3237: curl: SMB send off unrelated memory contents</issue> <category>security</category> <rating>moderate</rating> <summary>Security update for curl</summary> <description>Curl was updated to fix two security issues and enable metalink support The following vulnerabilities were fixed: * CVE-2015-3236: libcurl could have wrongly send HTTP credentials when re-using connections (boo#934501) * CVE-2015-3237: libcurl could have been tricked by a malicious SMB server to send off data it did not intend to (boo#934502) The following feature was enabled: * boo#851126: enable metalink support.</description> </patchinfo>