Debian package management system is vulnerable to Directory Traversal.The vulnerability comes into play when extracting untrusted source packages in v3 and v3 source package formats that include debian.tar which allows the attacker to send a specially crafted orig.tar and debian.tar tarbells.
git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495
git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5
git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b
git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be
lists.debian.org/debian-lts-announce/2022/05/msg00033.html
lists.debian.org/debian-security-announce/2022/msg00115.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
security.netapp.com/advisory/ntap-20221007-0002/