It was reported [1] that arc is susceptible to directory traversal. Original report: ... $ pwd /home/jwilk $ arc x traversal.arc Extracting file: /tmp/moo $ ls -l /tmp/moo -rw-r--r-- 1 jwilk users 4 Jan 4 2015 /tmp/moo The script I used to create the test case is available at: https://bitbucket.org/jwilk/path-traversal-samples ... No patches available at this time. [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774527
Created arc tracking bugs for this issue: Affects: fedora-all [bug 1179143] Affects: epel-all [bug 1179144]
arc-5.21p-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
arc-5.21p-5.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
CVE-2015-9275 was assigned for this issue.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.