It was discovered that the four libcurl functions curl_escape(),
curl_easy_escape(), curl_unescape and curl_easy_unescape accepted
negative string length inputs.
For Debian 7 Wheezy, these problems have been fixed in version
7.26.0-1+wheezy16.
We recommend that you upgrade your curl packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>