Red Hat Bugzilla – Bug 1591449
CVE-2018-10860 perl-Archive-Zip: Directory traversal in Archive::Zip
Last modified: 2018-07-19 14:05:27 EDT
Archive::Zip does not protect against symlinks or '..' path traversals. Attacks similar to CVE-2007-4829 or CVE-2018-12015 also affect Archive::Zip.
Archive::Zip has never been part of upstream Perl release:
$ corelist Archive::Zip
Data for 2018-04-14
Archive::Zip was not in CORE (or so I think)
It's an independent project <https://metacpan.org/release/Archive-Zip>.
Note: summary edited for clarification.
Name: Doran Moppert (Red Hat)
Created perl-Archive-Zip tracking bugs for this issue:
Affects: fedora-all [bug 1596132]
perl-Archive-Zip-1.59-6.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
perl-Archive-Zip-1.60-3.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.