tardiff - security update

Several vulnerabilities were discovered in tardiff, a tarball comparison
tool. The Common Vulnerabilities and Exposures project identifies the
following problems:

• CVE-2015-0857
  Rainer Mueller and Florian Weimer discovered that tardiff is prone
  to shell command injections via shell meta-characters in filenames
  in tar files or via shell meta-characters in the tar filename
  itself.
• CVE-2015-0858
  Florian Weimer discovered that tardiff uses predictable temporary
  directories for unpacking tarballs. A malicious user can use this
  flaw to overwrite files with permissions of the user running the
  tardiff command line tool.

For the stable distribution (jessie), these problems have been fixed in
version 0.1-2+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 0.1-5 and partially in earlier versions.

We recommend that you upgrade your tardiff packages.