Bug 35490

Summary: CVE-2018-12015
Product: Sisyphus
Reporter: Michael Shigorin <mike>
Component: perl-base
Assignee: viy <viy>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: normal
Priority: P3
CC: at, crux, rider, viy
Version: unstable
Keywords: security
Hardware: all
OS: Linux
URL: https://www.cvedetails.com/cve/CVE-2018-12015/

Description Michael Shigorin 2018-10-08 19:42:00 MSK
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. 

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
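
Added example, not part of the bug report or of Archive::Tar: a pre-extraction check for the pattern described above, written in Python with the standard tarfile module. It flags any entry whose name equals that of an earlier symlink or hard link and, going slightly beyond the report, any entry whose path passes through such a link; the function names and the archive contents are constructed for illustration.

```python
import io
import posixpath
import tarfile


def find_link_name_reuse(fileobj):
    """Scan a tar stream without extracting it.

    Returns (link_name, link_target, later_member) tuples for every entry
    whose path equals, or passes through, a symlink or hard link that
    appeared earlier in the same archive.
    """
    links = {}      # normalised link name -> link target
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:          # archive order is extraction order
            path = posixpath.normpath(member.name)
            parts = path.split("/")
            # Check the entry itself and each parent directory component.
            for i in range(1, len(parts) + 1):
                prefix = "/".join(parts[:i])
                if prefix in links:
                    findings.append((prefix, links[prefix], member.name))
                    break
            if member.issym() or member.islnk():
                links[path] = member.linkname
    return findings


def build_sample():
    """Constructed sample: a symlink and a regular file sharing one name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        link = tarfile.TarInfo("report.txt")
        link.type = tarfile.SYMTYPE
        link.linkname = "placeholder-target"    # constructed value
        tar.addfile(link)
        data = b"constructed content\n"
        regular = tarfile.TarInfo("report.txt")
        regular.size = len(data)
        tar.addfile(regular, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, target, later in find_link_name_reuse(build_sample()):
        print(f"link {name!r} -> {target!r} is reused by later entry {later!r}")
```

An archive that produces any finding should be rejected or unpacked only in an isolated, disposable directory.
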
Comment 1 viy 2019-12-05 20:46:53 MSK
fixed in perl 5.28+