Steve Grubb found that the vcdiff script in Emacs create temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program . The updated packages have been patched to correct this issue.