Debian Security Advisory DSA 160-1 (scrollkeeper)

The remote host is missing an update to scrollkeeper announced via advisory DSA 160-1.
Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation. The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user. This problem has been fixed in version 0.3.6-3.1 for the current stable distribution (woody) and in version 0.3.11-2 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the scrollkeeper package. We recommend that you upgrade your scrollkeeper packages immediately.