bda [1] filed a deletion request for yorsiur [2]:

Hi, the source archive contain the file
Yorsiur-1.0.0/build/yorsur-1.0.0.tar.gz which seem malicious. When i
gunzipped the archive and open the resulting tar file with vim, this
message appear:
" tar.vim version v32b
" Browsing tarfile
/home/bruno/Downloads/Crash/Yorsiur-1.0.0/build/yorsur-1.0.0.tar
" Select a file with cursor and press ENTER, "x" to extract a file
" Note: Path Traversal Attack detected!

I do not have the knowledge to do more research here but this seem, if
not malicious, strange.

[1] https://aur.archlinux.org/account/bda/
[2] https://aur.archlinux.org/pkgbase/yorsiur/

Reply via email to