Debian Security Advisory 1838-1 – Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/79390/dsa-1838-1.txt
Source: https://packetstormsecurity.com/files/79390/Debian-Linux-Security-Advisory-1838-1.html