[HIGH] Potential RCE if filename starts with phar://

PKSA-x2h6-cyyw-syx8 CVE-2018-1000888 GHSA-3q76-jq6m-573p

Affected package: pear/archive_tar

Affected version: <1.4.4

Reported by:
GitHub, FriendsOfPHP/security-advisories