Marcus Meissner discovered that the PulseAudio sound server performed insufficient checks when dropping privileges, which could lead to local privilege escalation. The old stable distribution (sarge) doesn't contain pulseaudio.