Public CVE-2015-0857 disclosure

Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.