> - copyin.c: Separate out path sanitizing to safer_name_suffix(): Apart from > leading slashes, filter out ".." components from output file names if > --no-absolute-filenames is given, to avoid path traversal. > [CAN-2005-1229] > closes: #306693.
bug submitter here. thanks for working on this. does this mean cpio -i --no-absolute-filenames? i have not tried the new version yet (i will as soon as possible but it will be a while so i wanted to respond now). does it address symlinks with .. also (i.e. my second note)? -- Webmaster: do you believe that people will switch browsers to view your page instead of going to your competitor?
