CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.
http://advisories.mageia.org/MGASA-2015-0020.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147856.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147876.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html
http://rhn.redhat.com/errata/RHSA-2015-1254.html
http://secunia.com/advisories/61925
http://secunia.com/advisories/62075
http://secunia.com/advisories/62361
https://kc.mcafee.com/corporate/index?page=content&id=SB10131
https://security.gentoo.org/glsa/201701-47
https://support.apple.com/kb/HT205031
http://www.debian.org/security/2015/dsa-3122
http://www.mandriva.com/security/advisories?name=MDVSA-2015:021
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html