As posted to vendor-sec by Raphael Geissert: "During a review of the Debian archive I've found multiple packages with insecure modifications to LD_LIBRARY_PATH, which allow libraries to be loaded from the CWD (like CVE-2010-2953 or the older CVE-2005-4790 and CVE-2005-4791.)"