Colin Watson discovered that the update for stable relased in DSA-2122-1 did not complete address the underlying security issue in all possible scenarios.