Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges. The old stable distribution is not affected by this issue. For the stable distribution , this problem has been fixed in version 0.9.10-3+lenny1. For the unstable distribution , this problem will be fixed soon. We recommend that you upgrade your pulseaudio packages.