Jakob Lell discovered a bug in the 'noroff' script included in noweb whereby a temporary file was created insecurely. During a review, several other instances of this problem were found and fixed. Any of these bugs could be exploited by a local user to overwrite arbitrary files owned by the user invoking the script.
For the stable distribution (woody) these problems have been fixed in version 2.9a-7.3.
For old stable distribution (potato) this problem has been fixed in version 2.9a-5.1.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you update your noweb package.
MD5 checksums of the listed files are available in the original advisory.