tags 440097 + security
tags 440099 + security
thanks

Hi Matthias,
After speaking with Kees Cook and Sean Finney in 
#debian-security we all agreed that this *is* indeed a 
security issue even if upstream does not agree here.
It is a valid argument that a user is supposed to extract a 
tar archive in a secure way. It is not the job of the user 
to take care of directory traversal logic via path names or
symlinks by examining the tar archive first.
Thus re-adding the security tag.

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
