Debian Libarchive-Zip-Perl vulnerabilities

CVE-2018-10860 [MEDIUM] CVE-2018-10860: libarchive-zip-perl - perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was ... perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. Scope: loc

CVE-2004-1096 [HIGH] CVE-2004-1096: libarchive-zip-perl - Archive::Zip Perl module before 1.14, when used by antivirus programs such as am... Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. Scope: local bookworm: resolved (fixed in 1.14-1) bullseye: r