This should fix the security vulnerability reported here: <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765#5">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765#5</a>; and assigned Secunia ID SA31418.

Big ups to Dwayne Litzenberger for his responsible disclosure (not) and the Debian packagers for notifying us of this vulnerability so we could have a patch prepared (not).