Debian Security Advisory DSA 279-1 (metrics)

The remote host is missing an update to metrics announced via advisory DSA 279-1.

Paul Szabo and Matt Zimmerman discoverd two similar problems in metrics, a tools for software metrics. Two scripts in this package, halstead and gather_stats, open temporary files without taking appropriate security precautions. halstead is installed as a user program, while gather_stats is only used in an auxiliary script included in the source code. These vulnerabilities could allow a local attacker to overwrite files owned by the user running the scripts, including root. The stable distribution (woody) is not affected since it doesn't contain a metrics package anymore. For the old stable distribution (potato) this problem has been fixed in version 1.0-1.1. The unstable distribution (sid) is not affected since it doesn't contain a metrics package anymore. We recommend that you upgrade your metrics package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20279-1