Henrique de Moraes Holschuh uploaded new packages for iucode-tool which
fixed the following security problems:

  iucode-tool v1.4 to v2.1 is vulnerable to a heap buffer overflow in
  the -tr (recovery) loader.  Using specially-crafted data files and a
  specially crafted command line, it might be possible to leverage this
  heap buffer overflow to cause heap corruption, which might allow an
  attacker to run arbitrary code.

For the jessie-backports distribution the problem has been fixed in
version 2.1.1-1~bpo8+1.

For the wheezy-backports distribution, no fix is necessary.

For users building directly from the git repository, all
debian/release/* branches have been updated with fixed versions where