Copied from
ubuntu xenial in
Private PPA for Ubuntu Security Team
by Mike Salvatore
Changelog
plexus-archiver (2.2-1+deb9u1build0.16.04.1) xenial-security; urgency=medium
* fake sync from Debian
plexus-archiver (2.2-1+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fail when trying to extract outside of dest dir (CVE-2018-1002200)
Fixes arbitrary file write vulnerability using a specially crafted zip
file. (Closes: #900953)
-- Mike Salvatore <email address hidden> Fri, 09 Nov 2018 11:14:32 -0500