diffoscope before 76 writes to arbitrary locations on disk based on the contents of an untrusted archive. References https://nvd.nist.gov/vuln/detail/CVE-2017-0359 https://security-tracker.debian.org/tracker/CVE-2017-0359 https://github.com/anthraxx/diffoscope/commit/632a40828a54b399787c25e7fa243f732aef7e05 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854723 https://github.com/advisories/GHSA-8p5c-f328-9fvv
