Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.
http://www.ubuntu.com/usn/USN-891-1
http://www.securityfocus.com/bid/37975
http://www.debian.org/security/2010/dsa-1979
http://secunia.com/advisories/38379
http://secunia.com/advisories/38375
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00