Control: tags -1 + confirmed On Fri, 2026-01-23 at 12:29 +0000, Jeroen Ploemen wrote: > This update fixes the (non-dsa) path traversal vulnerability tracked > as CVE-2026-23949. The vulnerability may allow attackers to extract > files outside the intended extraction directory when malicious tar > archives are processed.
Please go ahead. Regards, Adam
