[ASA-201702-14] diffoscope: arbitrary file overwrite
Arch Linux Security Advisory ASA-201702-14
==========================================

Severity: Medium
Date    : 2017-02-17
CVE-ID  : CVE-2017-0359
Package : diffoscope
Type    : arbitrary file overwrite
Remote  : No
Link    :

Summary
=======

The package diffoscope before version 77-1 is vulnerable to arbitrary
file overwrite.

Resolution
==========

Upgrade to 77-1.

# pacman -Syu "diffoscope>=77-1"

The problem has been fixed upstream in version 77.

Workaround
==========

None.

Description
===========

It has been discovered that diffoscope may write to arbitrary locations
on disk depending on the contents of an untrusted archive.

Impact
======

An attacker is able to create a specially crafted archive that, when
processed, overwrites arbitrary files on disc.