diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive. Upstream patch: https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=632a40828a54b399787c25e7fa243f732aef7e05 Related bug containing more details: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723
Created diffoscope tracking bugs for this issue: Affects: fedora-all [bug 1421774]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.