The xterm program and Xaw library in versions of XFree86 up to and
including 3.3.2 have a security vulnerability related to the
inputMethod, preeditType and *Keymap resources.  The Xaw problem also
affects any other setuid-root programs that use the Xaw library.

A source patch for this problem (and some other xterm bugs) can be
found in fixes/3.3.2-patch1.  Fixed xterm and Xaw binaries can be
found in the X3321upd.tgz files in the various binaries/* subdirectories.
Information about installing the updated binaries can be found in
the RELNOTES file in this directory.  It is important that the instructions
in this file are followed carefully.  Both the updated xterm and Xaw
library must be installed to fix the xterm problem.

Note that the X332bin.tgz and X332lib.tgz files still contain the original
(buggy) versions.  When installing XFree86 3.3.2 from scratch it is
important to extract the X3321upd.tgz file *after* extracting the others.

3 May 1998