Debian Linux Security Advisory 2281-1 - Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation (CVE-2011-2490) and an off-by-one error, which can lead to the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-one error (CVE-2010-1938), which only affects the lenny version as the fix was already included for squeeze.
c1534265ead6607e9cdaa8776430d7bb5a00f79dbdf8d6a6931105d8ec20bf6d