Several distributions of late have made security releases addressing a problem with symbolic links and race conditions in the /tmp directory. Debian is not vulnerable to this particular problem, but it is possible for the X server socket to be created in an inappropriate directory. While this is not an exploitable security problem, it is not correct behavior, and there will shortly be an updated version of the XFree86 3.3.2.3 packages in the Debian archives. In the meantime, there is a test build available with this problem (as well as few others) rectified. The test build is available at: http://master.debian.org/%7Ebranden/xfree86/ -- G. Branden Robinson | Suffer before God and ye shall be Debian GNU/Linux | redeemed. God loves us, so He makes us branden@ecn.purdue.edu | suffer Christianity. cartoon.ecn.purdue.edu/~branden/ | -- Aaron Dunsmore
Attachment:
pgpbSKLnERBXt.pgp
Description: PGP signature