Paul Szabo discovered that znew, a script included in the gzip package, creates its temporary files without taking precautions to avoid a symlink attack (CAN-2003-0367).
The gzexe script has a similar vulnerability which was patched in an earlier release but inadvertently reverted.
For the stable distribution (woody) both problems have been fixed in version 1.3.2-3woody1.
For the old stable distribution (potato) CAN-2003-0367 has been fixed in version 1.2.4-33.2. This version is not vulnerable to CVE-1999-1332 due to an earlier patch.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you update your gzip package.