Debian Linux Security Advisory 3778-1 - Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
c28a74b1d780091d7e74cf192097bf7172364ae67c4a0e3192e81a82c7b905b9