Steve Kemp discovered a buffer overflow in xpcd-svga which can be triggered by a long HOME environment variable. This vulnerability could be exploited by a local attacker to gain root privileges.
For the stable distribution (woody) this problem has been fixed in version 2.08-8woody1.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you update your xpcd package.
MD5 checksums of the listed files are available in the original advisory.