Hi! I looked at this problematic package.

Package has changelog in debian subfolder. Here is:

===
curl (7.25.0-1maemo2) fremantle; urgency=low
* Maemo package cleanup

-- Ludek Finstrle <luf@pzkagis.cz> Fri, 30 Mar 2012 10:07:43 +0200

curl (7.25.0-1maemo1) fremantle; urgency=high
* New upstream release
- Fix builds with proxy or http disabled
- Fix a numeric overflow in parsing date
- COOKIES: strip the numerical ipv6 host properly
- Fix CONNECT: fix multi interface regression
http://curl.haxx.se/mail/lib-2012-03/0162.html
- SWS: refuse to serve CONNECT unless running as proxy
- Update detection logic of getaddrinfo() thread-safeness
- Fix --libcurl option output file text translation mode
- Fix OOM handling
- Fix resolve with c-ares: don't resolve IPv6 when not working
http://curl.haxx.se/mail/lib-2012-03/0045.html
- SMTP: Changed the curl error code for EHLO and HELO responses

-- Ludek Finstrle <luf@pzkagis.cz> Fri, 23 Mar 2012 09:29:36 +0100
===

Source code of version in extras is here:
http://repository.maemo.org/extras-d...source/c/curl/

tarball curl_7.25.0.orig.tar.gz from extras-devel is same as
upstream 7.25.0 version on: http://curl.haxx.se/download.html

I checked also additional patches and all are only compile flags, nothing more.

So I did not found anything strange in source code (no backdoor, etc..).

Package is only "New upstream release". But still it is bad that anybody
can push new version of maemo core packages (also if it fixing strange bugs)
without any informations...