diff -Nru gdm-guest-session-0.27/debian/changelog gdm-guest-session-0.27.1/debian/changelog
--- gdm-guest-session-0.27/debian/changelog 2011-07-14 15:29:47.000000000 +0200
+++ gdm-guest-session-0.27.1/debian/changelog 2012-03-12 16:25:55.000000000 +0100
@@ -1,3 +1,11 @@
+gdm-guest-session (0.27.1) oneiric-security; urgency=low
+
+ * gdm/guest-session-cleanup.sh: Fix arbitrary file deletion in removal of
+ guest files in /tmp. Use find/xargs with 0 separators instead of spaces.
+ (LP: #953044, CVE-2012-0943)
+
+ -- Martin Pitt Mon, 12 Mar 2012 16:01:11 +0100
+
 gdm-guest-session (0.27) oneiric; urgency=low
 * apparmor/gdm-guest-session: /var/run -> /run and /dev/shm -> /run/shm
diff -Nru gdm-guest-session-0.27/gdm/guest-session-cleanup.sh gdm-guest-session-0.27.1/gdm/guest-session-cleanup.sh
--- gdm-guest-session-0.27/gdm/guest-session-cleanup.sh 2010-09-13 09:35:58.000000000 +0200
+++ gdm-guest-session-0.27.1/gdm/guest-session-cleanup.sh 2012-03-12 16:00:53.000000000 +0100
@@ -35,10 +35,10 @@
 rm -rf "$HOME"
 # remove leftovers in /tmp
-find /tmp -mindepth 1 -maxdepth 1 -uid "$UID" | xargs rm -rf || true
+find /tmp -mindepth 1 -maxdepth 1 -uid "$UID" -print0 | xargs -0 rm -rf || true
 # remove gdm cache files
-find /var/cache/gdm -mindepth 1 -maxdepth 1 -uid "$UID" | xargs rm -rf || true
+find /var/cache/gdm -mindepth 1 -maxdepth 1 -uid "$UID" -print0 | xargs -0 rm -rf || true
 deluser --system "$USER"
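Review bot: Both rewritten cleanup lines in guest-session-cleanup.sh still end in `|| true`, so a failing `find` or `rm` leaves guest-owned entries behind in /tmp or /var/cache/gdm without any trace; reporting the failure on stderr before continuing would make an incomplete cleanup visible. The NUL-separated form does stop file names containing spaces or newlines from being split into extra `rm` operands, but the pipe can be dropped altogether: `find /tmp -mindepth 1 -maxdepth 1 -uid "$UID" -exec rm -rf -- {} +` hands each path to `rm` as exactly one argument with no xargs parsing in between, and the same form fits the /var/cache/gdm line. A short comment above the two commands stating why plain `xargs` must not be used here (guest-controlled file names) would keep a later edit from reintroducing the whitespace-splitting bug. The script's beginning is outside this hunk, so where `$UID` is assigned and whether the guest's processes are already gone when these lines run cannot be confirmed from here.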