The problem can be corrected by upgrading the affected package to
version 0.94.0-5ubuntu1.3 (for Ubuntu 5.04), or 0.94.0-11ubuntu1.2
(for Ubuntu 5.10). After doing a standard system upgrade you need to
restart dia to effect the necessary changes.
Several format string vulnerabilities have been discovered in dia. By
tricking a user into opening a specially crafted dia file, or a
file with a specially crafted name, this could be exploited to execute
arbitrary code with the user's privileges.