CVE-2008-4936 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4936): faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
Sorry, I accidentily searched for the wrong package first. *** This bug has been marked as a duplicate of bug 235806 ***