*Sigh*, I tested this as soon as THN broke it on twitter, its just for libraries.
Untarring and unzipping as root is dumb (I did it on a throwaway vm so you don't have to...) but linux command line zip and tar are both patched in the shell anyway, since the 1990's for tar and somewhere around 2006 for zip. I didn't even bother testing the other variants. It really is the old 2006 path recursive attack that some libraries were never fixed for still in use, except it has a logo, and people running round twitter trying to make a "name" for themselves in the security community to get hired.
root@testbox:/home/testuser/zip-slip-vulnerability/archives# tar -xvf zip-slip.tar
good.txt
tar: Removing leading `../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../' from member names
tar: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../tmp/evil.txt: Member name contains '..'
tar: Exiting with failure status due to previous errors
root@testbox:/home/testuser/zip-slip-vulnerability/archives# ls -la *evil*
ls: cannot access '*evil*': No such file or directory
root@testbox:/home/testuser/zip-slip-vulnerability/archives#
root@testbox:/home/testuser/zip-slip-vulnerability/archives# unzip zip-slip.zip
Archive: zip-slip.zip
extracting: good.txt
warning: skipped "../" path component(s) in ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../tmp/evil.txt
extracting: tmp/evil.txt
root@testbox:/home/testuser/zip-slip-vulnerability/archives# ls -lR tmp
tmp:
total 4
-rw-r--r-- 1 root root 20 Apr 15 22:04 evil.txt
root@testbox:/home/testuser/zip-slip-vulnerability/archives#