do not extract files with malicious name
The security implications are not as high as with a regular tar/unzip archiver. This is because you are anyway trusting the package to install files anywhere in the filesystem. This serves rather as a sanity check against errors in the created package.
Showing with 14 additions and 1 deletion