diff -u eterm-0.9.4.0debian1/debian/changelog eterm-0.9.4.0debian1/debian/changelog
--- eterm-0.9.4.0debian1/debian/changelog
+++ eterm-0.9.4.0debian1/debian/changelog
@@ -1,3 +1,12 @@
+eterm (0.9.4.0debian1-2.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix opening the terminal on display :0 if no DISPLAY environment
+    variable is specified to prevent local attackers from highjacking
+    X11 connections in certain environments (CVE-2008-1692; Closes: #473127)
+
+ -- Nico Golde <nion@debian.org>  Tue, 15 Apr 2008 19:15:59 +0200
+
 eterm (0.9.4.0debian1-2) unstable; urgency=low
 
   * debian/copyright: uploaded wrong copy in 0.9.4.0debian1-1 
only in patch2:
unchanged:
--- eterm-0.9.4.0debian1.orig/src/startup.c
+++ eterm-0.9.4.0debian1/src/startup.c
@@ -96,7 +96,8 @@
 
     /* Open display, get options/resources and create the window */
     if (getenv("DISPLAY") == NULL) {
-        display_name = STRDUP(":0");
+        libast_print_error("can't open display, DISPLAY not set?!\n");
+        exit(EXIT_FAILURE);
     } else {
         display_name = STRDUP(getenv("DISPLAY"));
     }