Comment 3 for bug 654065

@Rolf
I have set this as a 'security vulnerability' in till a member of the security team can have a look at this.

@All
I have searched the CVE and there is no reference to this issue I could find. As this is a packaging issue I believe this is up to Ubuntu/Debian to fix.

Looking through the Debian bugs I think these two bugs would be of interest to the issue:
*http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=251462
*http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=181315

I do not run a Debian system so cannot confirm if this is an issue in there package.