Updated curl packages fix security vulnerabilities:

In cURL before 7.38.0, libcurl can be fooled to both sending cookies
to wrong sites and into allowing arbitrary sites to set cookies for
others. For this problem to trigger, the client application must use
the numerical IP address in the URL to access the site (CVE-2014-3613).

In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top
Level Domains (TLDs), thus making them apply broader than cookies are
allowed. This can allow arbitrary sites to set cookies that then would
get sent to a different and unrelated site or domain (CVE-2014-3620).