The version of lpr that was distributed with Debian GNU/Linux 2.1 and the updated version released in 2.1r4 have a two security problems - Local users can obtain root access and remote users can access the print server. Debian security homepage here.
76f28548f53eab0c17b0e5cb003d08d19470656cb9af609506e56f57b0c25ed8