The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.1%