ArchLinux: 201702-14: diffoscope: arbitrary file overwrite
Summary
It has been discovered that diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive.
Resolution
Upgrade to 77-1.
# pacman -Syu "diffoscope>=77-1"
The problem has been fixed upstream in version 77.
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723
https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/632a40828a54b399787c25e7fa243f732aef7e05
https://security.archlinux.org/CVE-2017-0359
Workaround
None.