CVE-2015-8768
The CVE concerns install.py in the Python-based Click package: file names in tarballs are not required to start with ./, so a crafted package can bypass checks and install an alternate security policy, potentially elevating privileges. Affected component: click/install.py; context mentio...
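
The check whose absence is described above can be sketched as a pre-install audit of tarball member names. This is an added example, not code from Click or from its fix; the function names and the sample member names are hypothetical and constructed here. It goes slightly beyond the ./ prefix rule by also refusing names with a .. component.

```python
import io
import tarfile

# Constructed sample member names; not taken from any real package.
SAMPLE_NAMES = ["./usr/share/doc/readme", "meta/hooks/example", "./a/../../b"]


def build_sample_tar(names):
    """Build an in-memory tarball of small regular files (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_name(name):
    """Return a refusal reason for one member name, or None if it is acceptable."""
    if name == ".":
        # The archive root directory entry ("./") is read back as ".".
        return None
    if not name.startswith("./"):
        return "name does not start with ./"
    if ".." in name.split("/"):
        return "name contains a .. component"
    return None


def audit_member_names(tar_bytes):
    """List (name, reason) for every member an installer should refuse."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:  # reads headers only; nothing is extracted
            reason = check_name(member.name)
            if reason is not None:
                problems.append((member.name, reason))
    return problems


if __name__ == "__main__":
    for name, reason in audit_member_names(build_sample_tar(SAMPLE_NAMES)):
        print(f"REFUSE {name}: {reason}")
```

An installer applying this kind of check would reject the whole package when the returned list is non-empty, before any path-based policy checks or extraction run.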