A vulnerability has been found and corrected in libHX:

Heap-based buffer overflow in the HX_split function in string.c in
libHX before 3.6 allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via a string that
is inconsistent with the expected number of fields (CVE-2010-2947).

The updated packages have been patched to correct this issue.