Steve Kemp discovered a vulnerability in xonix, a game, where an external program was invoked while retaining setgid privileges. A local attacker could exploit this vulnerability to gain gid "games".
For the current stable distribution (woody) this problem will be fixed in version 1.4-19woody1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you update your xonix package.