Hi! I looked at this problematic package. Package has changelog in debian subfolder. Here is: === curl (7.25.0-1maemo2) fremantle; urgency=low * Maemo package cleanup -- Ludek Finstrle <luf@pzkagis.cz> Fri, 30 Mar 2012 10:07:43 +0200 curl (7.25.0-1maemo1) fremantle; urgency=high * New upstream release - Fix builds with proxy or http disabled - Fix a numeric overflow in parsing date - COOKIES: strip the numerical ipv6 host properly - Fix CONNECT: fix multi interface regression http://curl.haxx.se/mail/lib-2012-03/0162.html - SWS: refuse to serve CONNECT unless running as proxy - Update detection logic of getaddrinfo() thread-safeness - Fix --libcurl option output file text translation mode - Fix OOM handling - Fix resolve with c-ares: don't resolve IPv6 when not working http://curl.haxx.se/mail/lib-2012-03/0045.html - SMTP: Changed the curl error code for EHLO and HELO responses -- Ludek Finstrle <luf@pzkagis.cz> Fri, 23 Mar 2012 09:29:36 +0100 === Source code of version in extras is here: http://repository.maemo.org/extras-d...source/c/curl/ tarball curl_7.25.0.orig.tar.gz from extras-devel is same as upstream 7.25.0 version on: http://curl.haxx.se/download.html I checked also additional patches and all are only compile flags, nothing more. So I did not found anything strange in source code (no backdoor, etc..). Package is only "New upstream release". But still it is bad that anybody can push new version of maemo core packages (also if it fixing strange bugs) without any informations...