Debian Security Advisory DSA 082-1 (xvt)

The remote host is missing an update to xvt announced via advisory DSA 082-1.
Christophe Bailleux reported on bugtraq that Xvt is vulnerable to a buffer overflow in its argument handling. Since Xvt is installed setuid root, it was possible for a normal user to pass carefully-crafted arguments to xvt so that xvt executed a root shell. This problem has been fixed by the maintainer in version 2.1-13 of xvt for Debian unstable and 2.1-13.0potato.1 for the stable Debian GNU/Linux 2.2. We recommend that you upgrade your xvt package immediately.