Multiple vulnerabilities has been discovered and corrected in flac:

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1
allows remote attackers to execute arbitrary code via a crafted .flac
file (CVE-2014-9028).

Stack-based buffer overflow in stream_decoder.c in libFLAC before
1.3.1 allows remote attackers to execute arbitrary code via a crafted
.flac file (CVE-2014-8962).

The updated packages provides a solution for these security issues.