ChangeLog for: 2016-08-06 20:29:16

n/curl-7.50.1-x86_64-1.txz:  Upgraded.
  This release fixes security issues:
  TLS: switch off SSL session id when client cert is used
  TLS: only reuse connections with the same client cert
  curl_multi_cleanup: clear connection pointer for easy handles
  For more information, see:
    https://curl.haxx.se/docs/adv_20160803A.html
    https://curl.haxx.se/docs/adv_20160803B.html
    https://curl.haxx.se/docs/adv_20160803C.html
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
  (* Security fix *)
n/mutt-1.6.2-x86_64-1.txz:  Upgraded.
n/openssh-7.3p1-x86_64-1.txz:  Upgraded.
  This is primarily a bugfix release, and also addresses security issues.
  sshd(8): Mitigate a potential denial-of-service attack against the system's
  crypt(3) function via sshd(8).
  sshd(8): Mitigate timing differences in password authentication that could
  be used to discern valid from invalid account names when long passwords were
  sent and particular password hashing algorithms are in use on the server.
  ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle
  countermeasures. 
  ssh(1), sshd(8): Improve operation ordering of MAC verification for
  Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the MAC
  before decrypting any ciphertext. 
  sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes.
  For more information, see:
    http://www.openssh.com/txt/release-7.3
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325
  (* Security fix *)
n/stunnel-5.35-x86_64-1.txz:  Upgraded.
  Fixes security issues:
  Fixed malfunctioning "verify = 4".
  Fixed incorrectly enforced client certificate requests.
  (* Security fix *)