This bug was fixed in the package curl - 7.25.0-1ubuntu1

---------------
curl (7.25.0-1ubuntu1) quantal; urgency=low

  * Merge from Debian testing (LP: #1003049).  Remaining changes:
    - Drop dependencies not in main:
      + Build-Depends: Drop stunnel4 and libssh2-1-dev.
      + Drop libssh2-1-dev from libcurl4-openssl-dev's Depends.
    - Add new libcurl3-udeb package.
    - Add new curl-udeb package.
    - Also closes (LP: #855291)
  * debian/patches/CVE-2012-0036.patch: Dropped. CVE resolved upstream.

curl (7.25.0-1) unstable; urgency=low

  * New upstream release
    - Add --ssl-allow-beast and CURLOPT_SSL_OPTIONS (Closes: #658276)
    - Allow negative numbers as option value (Closes: #659591)
  * Add libssh2-1-dev to libcurl4-gnutls-dev and libcurl4-nss-dev Depends
  * Bump debhelper compat level to 9
    - Make *.links files executable to simplify rules file
  * Pass --as-needed ld flag to avoid unneeded dependencies
    - Add workaround_as_needed_bug to workaround a libtool bug
    - Drop dont_link_to_krb5 (not needed because of --as-needed)
  * Do some clean-up in debian/rules
  * Update debian/copyright format as in Debian Policy 3.9.3
  * Bump Standards-Version to 3.9.3
  * Explicit Conflicts in -dev packages (fixes binaries-have-file-conflict)
  * Add openssh-server to build depends to enable some more tests
  * Update upstream copyright years
  * Refresh patches

curl (7.24.0-1) unstable; urgency=high

  * New upstream release
    - Improve documentation for the --capath option (Closes: #628697)
    - Fix URL sanitization vulnerability as per CVE-2012-0036
      http://curl.haxx.se/docs/adv_20120124.html
    - Fix SSL CBC IV vulnerability as per CVE-2011-3389
      http://curl.haxx.se/docs/adv_20120124B.html
    - Set urgency=high accordingly
  * Remove curl_links_with_rt patch (curl links to librt anyway)
  * Improve descriptions of -dev and -dbg packages
  * Drop fix_manpage_spelling and versioned patches (merged upstream)
  * Refresh patches
  * Add keep_symbols_compat patch to not break backwards ABI compatibility
  * Enable libssh2 support for GnuTLS and NSS flavours too
    (libssh2 now uses libgcrypt instead of libssl)

curl (7.23.1-3) unstable; urgency=low

  * Enable security hardening flags
  * Remove libdb-dev from B-D (not used)
  * Improve short and  long descriptions
  * Provide proper *.symbols files (Closes: #651619)
  * Do not version Curl_* symbols (for internal use only)
  * Do not override dh_makeshlibs version anymore

curl (7.23.1-2) unstable; urgency=low

  * Bump shlibs version for libcurl3-nss (Closes: #650498)

curl (7.23.1-1) unstable; urgency=low

  * New upstream release
    - Do not use gnutls_priority_set_direct and
      gnutls_certificate_type_set_priority anymore (Closes: #624024)
  * Refresh patches
  * Add --enable-debug flag to configure (Closes: #648902)
  * One Provides/Replaces per line
  * libcurl4-openssl-dev Provides libcurl4-dev too (Closes: #644126)
  * Specify only 3 components for Standards-Version
    (the fourth is not really needed)
  * Move ca-certificates to Recommends in lib* packages (Closes: #546607)
  * Add NSS flavour to versioned symbols
 -- Andres Rodriguez <email address hidden>   Tue, 22 May 2012 14:53:29 -0400