CVE-2015-3148
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.
Date published : 2015-04-24
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html