im - insecure temporary files

Tatsuya Kinoshita discovered that IM, which contains interface
commands and Perl libraries for E-mail and NetNews, creates temporary
files insecurely.

• The impwagent program creates a temporary directory in an insecure
  manner in /tmp using predictable directory names without checking
  the return code of mkdir, so it’s possible to seize a permission
  of the temporary directory by local access as another user.
• The immknmz program creates a temporary file in an insecure manner
  in /tmp using a predictable filename, so an attacker with local
  access can easily create and overwrite files as another user.

These problems have been fixed in version 141-18.1 for the current
stable distribution (woody), in version 133-2.2 of the old stable
distribution (potato) and in version 141-20 for the unstable
distribution (sid).

We recommend that you upgrade your IM package.