Paul Szabo and Matt Zimmerman discovered two similar problems in metrics, a tools for software metrics. Two scripts in this package, "halstead" and "gather_stats", open temporary files without taking appropriate security precautions. "halstead" is installed as a user program, while "gather_stats" is only used in an auxiliary script included in the source code. These vulnerabilities could allow a local attacker to overwrite files owned by the user running the scripts, including root. The stable distribution (woody) is not affected since it doesn't contain a metrics package anymore. For the old stable distribution (potato) this problem has been fixed in version 1.0-1.1. The unstable distribution (sid) is not affected since it doesn't contain a metrics package anymore. We recommend that you upgrade your metrics package.
Paul Szabo and Matt Zimmerman discovered two similar problems in metrics, a tools for software metrics. Two scripts in this package, "halstead" and "gather_stats", open temporary files without taking appropriate security precautions. "halstead" is installed as a user program, while "gather_stats" is only used in an auxiliary script included in the source code. These vulnerabilities could allow a local attacker to overwrite files owned by the user running the scripts, including root.
The stable distribution (woody) is not affected since it doesn't contain a metrics package anymore.
For the old stable distribution (potato) this problem has been fixed in version 1.0-1.1.
The unstable distribution (sid) is not affected since it doesn't contain a metrics package anymore.
We recommend that you upgrade your metrics package.
MD5 checksums of the listed files are available in the original advisory.
Vulmon