On Sun, Feb 01, 2026 at 07:24:43PM +0100, Tobias Frost wrote: > https://salsa.debian.org/lts-team/packages/busybox/-/tree/debian/bookworm-CVE-2023-39810 > > However, strictly spoken the fix for this CVE changes busybox behaviour, > as directory traversal was "allowed" before and disallowing it is a > behavioral change.
The patch doesn't change the default, so that seems fine to backport.
Cheers,
Moritz
