Archive-Zip-1.62 (vulnerability fix)
|Reported by:||Owned by:||Bruce Dubbs|
1.62 Sun 19 Aug 2018
- Add link-samename.zip to MANIFEST
1.61 Sat 18 Aug 2018
- File::Find will not untaint [github/ThisUsedToBeAnEmail]
- Prevent from traversing symlinks and parent directories when extracting [github/ppisar]
The latter item is CVE-2018-10860: perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter.
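As an added illustration (not code from Archive::Zip or from this ticket), a caller can vet every member of an archive before extracting anything, independent of the installed module version. The helper name `unsafe_reason` and the sample member names are assumptions made for this example; the archive is built in memory.

```perl
#!/usr/bin/perl
# Added example: reject zip members that would escape the extraction directory.
use strict;
use warnings;
use Archive::Zip;

# Hypothetical helper: returns a reason string if the member must not be
# extracted, or nothing if its name is confined to the destination tree.
sub unsafe_reason {
    my ($member) = @_;
    my $name = $member->fileName;    # Archive::Zip stores names with '/' separators

    return 'symbolic link entry' if $member->isSymbolicLink;
    return 'absolute path'       if $name =~ m{^(?:/|[A-Za-z]:)};
    return 'parent-directory component'
        if grep { $_ eq '..' } split m{/}, $name;
    return;
}

# Constructed sample archive; nothing is read from or written to disk.
my $zip = Archive::Zip->new;
$zip->addString("fine\n", 'docs/readme.txt');
$zip->addString("x\n",    '../../outside/evil.txt');
$zip->addString("x\n",    '/abs/evil.txt');
$zip->addString("x\n",    'docs/../../evil.txt');

my $rejected = 0;
for my $m ($zip->members) {
    my $why = unsafe_reason($m);
    $rejected++ if $why;
    printf "%-7s %s%s\n",
        $why ? 'REJECT' : 'ok',
        $m->fileName,
        $why ? " ($why)" : '';
}

# Refuse the whole archive if any member is unsafe, rather than
# extracting the "good" entries from an input that is already suspect.
die "archive refused: $rejected unsafe member(s)\n" if $rejected;
```

Run against the constructed archive, the script accepts only `docs/readme.txt` and exits non-zero because three members fail the check.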