It has been discovered that diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive.
It has been discovered that diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723 https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=632a40828a54b399787c25e7fa243f732aef7e05