Bug#802702: CVE-2011-5325: busybox: Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory
> IIRC it was deemed to be low-priority from an LTS point of view so/and
> I could not justify spending more time on it then. Happy to look again
> if there is a more urgent requirement.
Right. It is still unsolved in stable, testing, unstable and upstream,
and the second oldest open CVE on my stable laptop (the oldest is in
ruby, and pending a stable update), so I would like to see it fixed to
reduce the number of known security problems on my machine. :)
Can not say much about the priority or urgency related to other issues,
I've poked upstream too, and hope some solution will materialise.