diff -Nru /tmp/o2opq9lFKR/ltsp-5.0.39/client/ldm2/src/ldm.c /tmp/WfL2pv6EMw/ltsp-5.0.39.1/client/ldm2/src/ldm.c
--- /tmp/o2opq9lFKR/ltsp-5.0.39/client/ldm2/src/ldm.c	2007-10-08 09:19:00.000000000 +0000
+++ /tmp/WfL2pv6EMw/ltsp-5.0.39.1/client/ldm2/src/ldm.c	2008-05-06 16:50:33.000000000 +0000
@@ -201,7 +201,6 @@
     argv[i++] = "-auth";
     argv[i++] = ldminfo.authfile;
     argv[i++] = "-br";
-    argv[i++] = "-ac";
     argv[i++] = "-noreset";
     if (*ldminfo.fontpath != '\0') {
         argv[i++] = "-fp";
diff -Nru /tmp/o2opq9lFKR/ltsp-5.0.39/debian/changelog /tmp/WfL2pv6EMw/ltsp-5.0.39.1/debian/changelog
--- /tmp/o2opq9lFKR/ltsp-5.0.39/debian/changelog	2007-10-08 09:19:06.000000000 +0000
+++ /tmp/WfL2pv6EMw/ltsp-5.0.39.1/debian/changelog	2008-05-06 16:52:04.000000000 +0000
@@ -1,3 +1,10 @@
+ltsp (5.0.39.1) gutsy-security; urgency=low
+
+  * fix CVE-2008-1293 (LP: #227295) that made unauthenticated access to the
+    local X server on the client possible.
+
+ -- Oliver Grawert <ogra@ubuntu.com>  Tue, 06 May 2008 16:50:56 +0000
+
 ltsp (5.0.39) gutsy; urgency=low
 
   * we want to move the compression log in d-i to target, not taget *sigh*