Xorg upstream alerted us to an issue in the x11perfcomp script. The script
places a '.' in the PATH environment variable which could result in an
attacker being able to execute arbitrary code if a user runs x11perfcomp
from an attacker controlled directory.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0502 https://rhn.redhat.com/errata/RHSA-2013-0502.html