As stated in  (but I have no idea if and how this affects us):
* Modify dpkg-source to error out when it would apply patches containing
insecure paths (with "/../") and also error out when it would apply a
patch through a symlink. Those checks are required as patch will happily
modify files outside of the target directory and unpacking a source package
should not be able to have any side-effect outside of the target
directory. Fixes CVE-2010-0396.
The issue is fixed in both 1.14.29, which we no longer distribute, and 1.15.6, which will enter the tree shortly.
 http://packages.qa.debian.org/d/dpkg/news/20100315T110309Z.html (dpkg
1.15.6 is in the tree already.
deb-tools: is it ok to go stable?
deb-tools == yvasilev and I so I don't see what's holding you back...
Directory traversal vulnerability in the dpkg-source component in
dpkg before 1.14.29 allows remote attackers to modify arbitrary files
via a crafted Debian source archive.
220.127.116.11 is good to go according to  whereas 1.15.6 is not.
Arch teams, please test and mark stable:
Stable for HPPA.
Tests passed successfully on x86 also.
x86 stable, thanks Andreas
ppc64 doesn't have a version that is marked as stable.
Thanks, folks. GLSA request filed.
Old. No GLSA.
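
The two checks named in the dpkg changelog entry quoted at the top of this bug (refuse patches whose paths contain "/../", refuse to patch through a symlink), sketched as an added Python example. It is not dpkg-source's own code and not from any commenter here; the function names, the sample patches and the `pkg-1.0` tree are constructed, and patches are assumed to be applied with `-p1`.

```python
import os
import tempfile

def patch_targets(patch_text):
    """File names from the '---'/'+++' headers of a unified diff."""
    names = []
    for line in patch_text.splitlines():
        if line.startswith(("--- ", "+++ ")):
            name = line[4:].split("\t")[0].strip()   # drop optional timestamp
            if name != "/dev/null":
                names.append(name)
    return names

def check_patch(patch_text, destdir, strip=1):
    """Return reasons to refuse the patch; an empty list means it passed."""
    problems, seen = [], set()
    for name in patch_targets(patch_text):
        parts = name.split("/")
        rel = "/".join(parts[strip:])      # path as `patch -p<strip>` would see it
        if rel in seen:
            continue
        seen.add(rel)
        if ".." in parts:                  # covers "/../" and a leading "../"
            problems.append(f"{rel}: insecure path (contains '..')")
            continue
        cur = destdir
        for comp in parts[strip:]:         # every directory and the file itself
            cur = os.path.join(cur, comp)
            if os.path.islink(cur):
                problems.append(f"{rel}: would be applied through symlink {cur}")
                break
    return problems

# Constructed sample patches; only the headers matter for this check.
CLEAN = "--- a/src/main.c\n+++ b/src/main.c\n@@ -1 +1 @@\n-old\n+new\n"
DOTDOT = "--- a/src/../../outside/file\n+++ b/src/../../outside/file\n@@ -1 +1 @@\n-old\n+new\n"
SYMLINK = "--- a/link/file\n+++ b/link/file\n@@ -1 +1 @@\n-old\n+new\n"

def demo():
    """Build a throwaway tree with one symlink and check the three samples."""
    with tempfile.TemporaryDirectory() as top:
        dest = os.path.join(top, "pkg-1.0")
        os.makedirs(os.path.join(dest, "src"))
        os.makedirs(os.path.join(top, "outside"))
        os.symlink(os.path.join(top, "outside"), os.path.join(dest, "link"))
        return {n: check_patch(p, dest) for n, p in
                (("clean", CLEAN), ("dotdot", DOTDOT), ("symlink", SYMLINK))}

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "ok")
```

The symlink walk has to run against the unpacked tree immediately before each patch is applied, since an earlier patch or the tarball itself can be what creates the link.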