On Fri, Aug 3, 2018 at 5:12 PM Jason A. Donenfeld <Jason at zx2c4.com> wrote: > * A fix for a critical directory traversal vulnerability, when > `enable-http-clone=1` is not turned off, discovered by Jann Horn. > This is pretty nasty and all users must update immediately. This has been assigned CVE-2018-14912.