Christian Seiler prepared new packages for lxc which fixed the following
security problems:

  Roman Fiedler discovered a directory traversal flaw in LXC when
  creating lock files. A local attacker could exploit this flaw to
  create an arbitrary file as the root user.

  Roman Fiedler discovered that LXC incorrectly trusted the container's
  proc filesystem to set up AppArmor profile changes and SELinux domain
  transitions. A malicious container could create a fake proc
  filesystem and use this flaw to run programs inside the container
  that are not confined by AppArmor or SELinux.

For the wheezy-backports distribution the problems have been fixed in
version 1.0.6-6+deb8u1~bpo70+1.