CVE-2012-1093 fixed?

Asked by Jason Puckett

This CVE is related to a possible symlink attack for X11-common, which is part of the Ubuntu xorg 1:7.7+19ubuntu14 source package for Focal.

Reading through the original Debian bug issue and reviewing the code in x11-common_7.7+19ubuntu14_all.deb (below), it looks like this is fixed here:

set_up_dir () {
  DIR="/tmp/$1"

  if [ "$VERBOSE" != no ]; then
    log_progress_msg "$DIR"
  fi
  # if $DIR exists and isn't a directory, move it aside
  if [ -e $DIR ] && ! [ -d $DIR ] || [ -h $DIR ]; then
    mv "$DIR" "$(mktemp -d $DIR.XXXXXX)"
  fi

  error=0
  while :; do
    if [ $error -ne 0 ] ; then
      # an error means the file-system is readonly or an attacker
      # is doing evil things, distinguish by creating a temporary file,
      # but give up after a while.
      if [ $error -gt 5 ]; then
        log_failure_msg "failed to set up $DIR"
        return 1
      fi
      fn="$(mktemp /tmp/testwriteable.XXXXXXXXXX)" || return 1
      rm "$fn"
    fi
    mkdir -p -m 01777 "$DIR" || { rm "$DIR" || error=$((error + 1)) ; continue ; }
    case "$(LC_ALL=C stat -c '%u %g %a %F' "$DIR")" in
      "0 0 1777 directory")
        # everything as it is supposed to be
        break
        ;;
      "0 0 "*" directory")
        # as it is owned by root, cannot be replaced with a symlink:
        chmod 01777 "$DIR"
        break
        ;;
      *" directory")
        # if the chown succeeds, the next step can change it savely
        chown -h root:root "$DIR" || error=$((error + 1))
        continue
        ;;
      *)
        log_failure_msg "failed to set up $DIR"
        return 1
        ;;
    esac
  done

If this is fixed, can the Ubuntu security page for this CVE related to Focal be updated to reflect this? Right now it provides a status as "needed". If it is not actually fixed, would someone point out what I am missing?
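
Added example (not part of the question above and not code from the x11-common package): a sandboxed run of the move-aside test quoted in set_up_dir against a regular file, a real directory, a symlink to a directory, a dangling symlink and a missing path. The function names, the contrast variant without the `-h` clause and all sandbox paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: runs the move-aside test from set_up_dir against constructed
# paths in a private sandbox. Function names and paths are hypothetical.

# The condition as quoted: (exists AND not a directory) OR is a symlink.
quoted_test () {
  if [ -e "$1" ] && ! [ -d "$1" ] || [ -h "$1" ]; then return 0; fi
  return 1
}

# Hypothetical variant without the -h clause, for contrast only.
# [ -d ] follows symlinks, so a symlink to a directory looks like a directory.
no_symlink_test () {
  if [ -e "$1" ] && ! [ -d "$1" ]; then return 0; fi
  return 1
}

# Prints "<kind> <quoted verdict> <variant verdict>" for one path.
classify () {
  q=keep; n=keep
  if quoted_test "$2"; then q=move-aside; fi
  if no_symlink_test "$2"; then n=move-aside; fi
  echo "$1 $q $n"
}

# Builds the constructed cases in a fresh mktemp -d directory and classifies each.
run_demo () {
  sandbox="$(mktemp -d)" || return 1
  mkdir "$sandbox/realdir" "$sandbox/elsewhere"
  : > "$sandbox/file"
  ln -s "$sandbox/elsewhere" "$sandbox/link_to_dir"
  ln -s "$sandbox/does-not-exist" "$sandbox/dangling"
  for kind in file realdir link_to_dir dangling missing; do
    classify "$kind" "$sandbox/$kind"
  done
  rm -rf "$sandbox"
}

run_demo
```

The two columns differ only for the symlink cases, which is the part of the condition that `[ -h $DIR ]` covers.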

Question information

Language: English
Status: Answered
For: Ubuntu xorg
Assignee: No assignee

Bernard Stafford (bernard010) said :
#1
Jason Puckett (jpuckett-ms) said :
#2

Thank you for your quick reply.

I recommend the page https://ubuntu.com/security/CVE-2012-1093#:~:text=The%20init%20script%20in%20the,privilege%20escalation%20during%20package%20installation be updated to reflect status as fixed for focal.

Cheers.
Jason
