Two security issues were discovered in Curl: Cookies were incorrectly
validated against the public suffix list of domains and in same cases
HSTS data could fail to save to disk.

https://security-tracker.debian.org/tracker/DSA-5587-1

Read More