The following vulnerabilities have been fixed in curl:

- IMAP, POP3 and SMTP URL sanitization vulnerability
(CVE-2012-0036)
- disable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (CVE-2011-3389)
- disable SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option
for older openssl versions (CVE-2010-4180)