Control: fixed -1 + 1:2.9.3-1

I just tested this on current stretch and it says:

fatal: invalid path 
'../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../tmp/moo'

And there is a --unsafe-paths that reintroduces the vulnerability.

Regards,
Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
