It was reported  that arc is susceptible to directory traversal.
$ arc x traversal.arc
Extracting file: /tmp/moo
$ ls -l /tmp/moo
-rw-r--r-- 1 jwilk users 4 Jan 4 2015 /tmp/moo
The script I used to create the test case is available at:
No patches available at this time.
Created arc tracking bugs for this issue:
Affects: fedora-all [bug 1179143]
Affects: epel-all [bug 1179144]
arc-5.21p-5.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
arc-5.21p-5.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
CVE-2015-9275 was assigned for this issue.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.