Launchpad.net

CVE 2015-1194

pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

See the CVE page on Mitre.org for more details.