Subject: Re: tar ignores filenames that contain `..'
To: Jason R Thorpe <thorpej@wasabisystems.com>
From: Chuck Yerkes <chuck+nbsd@2002.snew.com>
List: tech-pkg
Date: 10/24/2002 09:32:37
I might suggest that checking just "../" is short-sighted.
Combinations of one or more "../" that
pass $TOP of the tree are the danger.  Beneath my tar
"tree", I don't and shouldn't care about relative links;
only when it passes the TOP of the tree do I get anxious.

Quoting Jason R Thorpe (thorpej@wasabisystems.com):
> On Wed, Oct 23, 2002 at 11:10:19PM +0900, Shin'ichiro TAYA wrote:
> 
>  > After switching to pax based tar, tar ignores filenames that contain `..'.
>  > But some distfiles for pkgsrc contain symlinks that point to files
>  > containing '..' and then fail to extract.
> 
> Actually, I think the new GNU tar does this too.
> 
> -- 
>         -- Jason R. Thorpe <thorpej@wasabisystems.com>
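
Added example, not part of the original thread and not code from pax or GNU tar: a lexical check that rejects a member name or symlink target only when its "../" components climb past $TOP, instead of rejecting every name that contains "..". The function names and the sample paths are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Walk `path` by component, starting `depth` directories below $TOP.
 * Returns 1 if it is absolute or ".." climbs above $TOP, else 0. */
static int walk_escapes(const char *path, long depth, long *end_depth)
{
    const char *p = path;
    if (*p == '/')
        return 1;                       /* absolute: outside $TOP by definition */
    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return 1;               /* passed the top of the tree */
        } else if (!(len == 1 && p[0] == '.')) {
            depth++;                    /* ordinary name: one level down */
        }
        p += len;
        while (*p == '/')
            p++;                        /* skip separators, including "//" */
    }
    if (end_depth != NULL)
        *end_depth = depth;
    return 0;
}

/* Archive member name, interpreted relative to $TOP. */
int member_escapes_top(const char *name)
{
    return walk_escapes(name, 0, NULL);
}

/* Symlink target, interpreted relative to the directory holding the link. */
int symlink_escapes_top(const char *link_name, const char *target)
{
    long depth;
    if (walk_escapes(link_name, 0, &depth) || depth < 1)
        return 1;                       /* link name itself is unusable */
    return walk_escapes(target, depth - 1, NULL);
}

int main(void)
{
    /* Constructed sample names, not taken from any real distfile. */
    printf("%d %d\n", symlink_escapes_top("pkg/lib/cur", "../share/v1"),
           symlink_escapes_top("pkg/cur", "../../etc/v1"));
    return 0;
}
```

The check is purely lexical: it does not account for a path component that is itself a symlink already on disk or extracted earlier from the same archive.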