Xorg upstream alerted us to an issue in the x11perfcomp script. The script places a '.' in the PATH environment variable, which could result in an attacker being able to execute arbitrary code if a user runs x11perfcomp from an attacker-controlled directory.
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:0502 https://rhn.redhat.com/errata/RHSA-2013-0502.html
Statement: (none)
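
A check for the condition described above, as an added example that is not part of the original report or of the x11perfcomp source: the POSIX shell function below flags every PATH component that makes command lookup depend on the current working directory. That covers '.', any other relative entry, and empty components (a leading, trailing or doubled colon), which the shell also searches as the current directory. The function name and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a colon-separated PATH value for components that
# resolve relative to the current working directory.

# risky_path_entries VALUE
# Prints one line per risky component and returns 0 if any was found,
# 1 if every component is an absolute path.
risky_path_entries() {
    rest="$1:"      # trailing colon so the last component is processed too
    found=1
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        case $entry in
            '')
                # A zero-length component is searched as the current directory.
                echo "empty component (searched as current directory)"
                found=0
                ;;
            /*)
                ;;          # absolute path: lookup does not depend on cwd
            *)
                # '.', './bin', 'bin' and similar all depend on cwd.
                echo "relative component: $entry"
                found=0
                ;;
        esac
    done
    return $found
}

# Constructed sample values (not taken from x11perfcomp itself).
for sample in ".:/usr/bin:/bin" "/usr/bin:/bin:" "/usr/bin:/bin"; do
    if out=$(risky_path_entries "$sample"); then
        printf 'RISKY %s\n%s\n' "$sample" "$out"
    else
        printf 'ok    %s\n' "$sample"
    fi
done
```

A script that must extend PATH can pass the new value through this check before exporting it, or set PATH to a fixed list of absolute directories instead.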