it seems that the last xserver update fixed the problem.
from the changelog of xserver-common:
xorg-server (2:1.11.4-0ubuntu10.5) precise-security; urgency=low
* SECURITY UPDATE: do not use input device names in logging format strings (LP: #996250): - debian/patches/509_log-format-fix.patch: backported upstream changes. - CVE-2012-2118
-- Steve Beattie <email address hidden> Mon, 09 Jul 2012 15:24:55 -0700
it seems that the last xserver update fixed the problem.
from the changelog of xserver-common:
xorg-server (2:1.11. 4-0ubuntu10. 5) precise-security; urgency=low
* SECURITY UPDATE: do not use input device names in logging format patches/ 509_log- format- fix.patch: backported upstream changes.
strings (LP: #996250):
- debian/
- CVE-2012-2118
-- Steve Beattie <email address hidden> Mon, 09 Jul 2012 15:24:55 -0700