Ubuntu Security Notice 909-1 – William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/87114/USN-909-1.txt
Source: https://packetstormsecurity.com/files/87114/Ubuntu-Security-Notice-909-1.html