[HIGH] Potential file overwrite if archive filename starts with file://

PKSA-mrrr-hjw9-vps5 CVE-2020-28949 GHSA-75c5-f4gw-38r9

Affected package: pear/archive_tar

Affected version: <1.4.11

Reported by:
GitHub, FriendsOfPHP/security-advisories