CVE 2004-1000
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
See the 
CVE page on Mitre.org
for more details.
