8th Apr 2003 [SBWID-6118]
COMMAND
	metrics insecure temporary file creation
SYSTEMS AFFECTED
	version 1.0
PROBLEM
	In Debian Security Advisory DSA 279-1 :
	Paul  Szabo  and  Matt  Zimmerman  discoverd  two  similar  problems  in
	metrics, a tools for software metrics.  Two  scripts  in  this  package,
	"halstead" and  "gather_stats",  open  temporary  files  without  taking
	appropriate security precautions. "halstead"  is  installed  as  a  user
	program, while "gather_stats"  is  only  used  in  an  auxiliary  script
	included in the source code. These vulnerabilities could allow  a  local
	attacker to overwrite files owned  by  the  user  running  the  scripts,
	including root.
SOLUTION
	The stable  distribution  (woody)  is  not  affected  since  it  doesn't
	contain a metrics package anymore.
	For the old stable distribution (potato) this problem has been fixed  in
	version 1.0-1.1.
	The unstable  distribution  (sid)  is  not  affected  since  it  doesn't
	contain a metrics package anymore.