Joxean Koret discovered that inkscape is vulnerable in the SVG importer
(style.cpp), which might allow remote attackers to execute arbitrary code
via a SVG file with long CSS style property values.
For the testing distribution (etch) this is fixed in version 0.43-0.0etch1
For the unstable distribution (sid) this is fixed in version 0.43-1
This upgrade is recommended if you use inkscape.
If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get install inkscape
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free
deb-src http://secure-testing-mirrors.debian.net/debian-secure-testing etch-proposed-updates/security-updates main contrib non-free