On 7/3/26 12:31 PM, Dr. Thomas Orgis wrote:
Thoughts? As it seems to me, anyone could claim that the BSD patch is vulnerable to CVE-2010-4651, if I'm not missing something here. Apologies in that case;-)
Just because someone decides something is a problem doesn't mean others have to agree. I'd argue that in the world of curlsh, relative paths with .. components are the least of our problems.
Joerg