Ubuntu Security Notice 1349-1 - It was discovered that the X wrapper incorrectly checked certain console permissions when launched by unprivileged users. An attacker connected remotely could use this flaw to start X, bypassing the console permissions check.
1c42f23752a398bf3b5d5ac117d5bd2075e69736a4ce1f6e67c0f2e952f6da84
Debian Linux Security Advisory 2364-1 - The Debian X wrapper enforces that the X server can only be started from a console. "vladz" discovered that this wrapper could be bypassed.
82594992626681bfa754de5238bc3f543f5d7e88a43d6589f9a0ef5888292669