On Mon, Dec 29, 2014 at 10:29:28PM +0100, Jakub Wilk wrote: > Package: rar > Version: 2:4.2.0-1 > Tags: security > > RAR follows symlinks when unpacking stuff, even the symlinks that were > created during the same unpack process. > It is therefore possible to create a malicious RAR archive that will be > unpacked into arbitrary directory outside cwd.
What't the status? This bug hasn't seen maintainer acknowledgement in
two years?
Cheers,
Moritz
