perl-archive-zip: Regression of #1279

[l2dy]

CVE IDs (if any)

CVE-2018-10860

Other security advisory IDs (if any)

MGASA-2018-0311, openSUSE-SU-2018:2438-1

Patches (if any)

1279, updating to 1.64 instead is recommended.

PoC(s) (if any)

N/A

Additional descriptions (if applicable)

• CVE-2018-10860: Prevent directory traversal caused by not properly sanitizing paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could have used this flaw to write or overwrite arbitrary files in the context of the perl interpreter

Architectural progress

Please remove any architecture to which the security vulnerabilities do not apply.

• [x] Data or Architecture-Independent (noarch)

[MingcongBai]

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/34a9f442c4c6f88bbc7d32caefc726ab34c52c69. Closing.

[l2dy]

Use AOSA-2018-0403.