Debian Security Advisory 1500-1 - Mike Ashton discovered that splitvt, a utility to run two programs in a split screen, did not drop group privileges prior to executing 'xprop'. This could allow any local user to gain the privileges of group utmp.
114ea5757e00b541b0d215690282a991b4b37f238ae60441cafb8b9abd16b2c9