Henrique de Moraes Holschuh uploaded new packages for iucode-tool which fixed the following security problems:
CVE-2017-0357 iucode-tool v1.4 to v2.1 is vulnerable to a heap buffer overflow in the -tr (recovery) loader. Using specially-crafted data files and a specially crafted command line, it might be possible to leverage this heap buffer overflow to cause heap corruption, which might allow an attacker to run arbitrary code.
For the jessie-backports distribution the problem has been fixed in version 2.1.1-1~bpo8+1.
For the wheezy-backports distribution, no fix is necessary.
For users building directly from the git repository, all debian/release/* branches have been updated with fixed versions where necessary.