Debian Linux Security Advisory 4226-1 – Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.

Source: Debian Security Advisory 4226-1