CVE-2016-9586: libcurl printf floating point buffer overflow (bsc#1015332)
CVE-2017-7407: The ourWriteOut function in tool_writeout.c in curl might have allowed physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which lead to a heap-based buffer over-read (bsc#1032309).
With this release new default ciphers are active (SUSE_DEFAULT, bsc#1027712).