Eric Romang discovered that xpvm, a graphical console and monitor for
PVM, creates a temporary file that allows local attackers to create or
overwrite arbitrary files with the privileges of the user running
xpvm
For the old stable distribution (woody) this problem has been fixed in
version 125-72woody1
For the stable distribution (sarge) this ...