diff -Nru /tmp/2g3BuI5o3M/ltsp-0.87/client/ldm /tmp/cODkWbl1oH/ltsp-0.87.1/client/ldm
--- /tmp/2g3BuI5o3M/ltsp-0.87/client/ldm	2006-05-08 17:23:44.000000000 +0000
+++ /tmp/cODkWbl1oH/ltsp-0.87.1/client/ldm	2008-05-06 14:51:41.000000000 +0000
@@ -53,7 +53,7 @@
         os.dup2(logfile.fileno(), sys.stderr.fileno())
 
         while True:
-            server_opts = ['-br', '-ac', '-noreset']
+            server_opts = ['-br', '-noreset']
             
             if self.use_xfs:
                 server_opts += ['-fp', self.fontpath]
diff -Nru /tmp/2g3BuI5o3M/ltsp-0.87/debian/changelog /tmp/cODkWbl1oH/ltsp-0.87.1/debian/changelog
--- /tmp/2g3BuI5o3M/ltsp-0.87/debian/changelog	2006-05-24 21:10:44.000000000 +0000
+++ /tmp/cODkWbl1oH/ltsp-0.87.1/debian/changelog	2008-05-06 14:54:22.000000000 +0000
@@ -1,3 +1,10 @@
+ltsp (0.87.1) dapper-security; urgency=low
+
+  * fix CVE-2008-1293 (LP: #227295) that made unauthenticated access to the 
+    local X server on the client possible.
+
+ -- Oliver Grawert <ogra@ubuntu.com>  Tue,  6 May 2008 14:51:50 +0000
+
 ltsp (0.87) dapper; urgency=low
 
   * Set default for ltsp-client-builder/run to false, so that it's harmless