Didn't curl have the problem...
...that it was left without maintainer because nobody wanted to touch that code?
The popular file transfer library Curl has squashed 11 bugs. Detailed on the tool's security page, CVEs 2016-8615 through 2016-8625 do things like send the tool to the wrong host, or allow an attacker to "cause [a] connection to be reused if s/he knows the case-insensitive version of the correct password." Upgrading to Curl 7 …