It was reported [1] that the compression code for MaraDNS contained a programming error where allocating an array of integers was allocated in bytes instead of sizeof(int) units. This resulted in a buffer being too small, allowing it to be overwritten by sending MaraDNS a specially-crafted packet, which could crash MaraDNS. MaraDNS 1.4.06 and 1.3.07.11 was released to correct this problems. A patch to correct the flaw is included in the original report. [1] http://thread.gmane.org/gmane.network.dns.maradns.general/1907
The original report seems to be here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834
*** This bug has been marked as a duplicate of bug 673573 ***