On 2025-08-07 08:47, Lior Kaplan wrote:
I was wondering if you had a chance to look at https://nvd.nist.gov/vuln/detail/CVE-2025-45582
First I've heard of it. Thanks for mentioning it.Sounds like tar by default should refuse to create symlinks to outside the working directory. Those symlinks are trouble anyway, regardless of whether the following program is tar or some other program.
