Hi,
In
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476321
it was found that cecilia creates a tempfile in an insecure manner. The CVE is at
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1832
You can find a patch for this issue in the Debian bug report.
Thanks,
James