curl vulnerabilities ironed out with patches after week-long tease