A format string bug was recently discovered in screen which can be used
to gain elevated privilages if screen is setuid. Debian 2.1 (slink) did
ship screen setuid and the exploit can be used to gain root privilages.
In Debian 2.2 (potato) screen is not setuid, and is not vulnerable to a
root exploit. screen is, however, setgid utmp in Debian 2.2 (potato) and
we recommend upgrading. The advisory is at LWN.net.
September 4, 2000