See: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1615 Note tha 0.88.1 fixes this.
*** This bug has been marked as a duplicate of 188881 ***
Reopening, not a duplicate, note the different CVE number, 0.88.1 closes 3 seperate security holes! I have entered 3 bugzilla bugs for this so people can search for CVE and find the appropiate bug for all 3 CVE's . This is sorta kinda security SIG policy and will hopefully become more definite security SIG policy soon.
it should still be closed since it's been fixed