From https://bugzilla.redhat.com/show_bug.cgi?id=867908 :
A denial of service flaw was found in the way xlockmore, X screen lock and screen saver, performed
passing arguments to underlying localtime() call, when the 'dlock' mode was used. An attacker could
use this flaw to potentially obtain unauthorized access to screen / graphical session, previously
locked by another user / victim.
CVE request (containing also patch proposal):
dclock: fix for segmentation violation noticed on NetBSD and now more Y2038
safe thanks to Ignatios Souvatzis <is AT netbsd.org>.
Arch teams, please test and mark stable:
Stable KEYWORDS : alpha amd64 hppa ppc ppc64 sparc x86
stable ppc ppc64
Stable for HPPA.
GLSA vote: yes.
Vote: yes, GLSA request created.
This issue was resolved and addressed in
GLSA 201309-03 at http://security.gentoo.org/glsa/glsa-201309-03.xml
by GLSA coordinator Sergey Popov (pinkbyte).