Mandriva Linux Security Advisory 2010-098 - The name attribute of the file element of metalink files is not properly sanitized before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Packages for 2009.0 are provided due to the Extended Maintenance Program. The corrected packages solves these problems.
09e3676c7f7583762062ea839055e0eebfe0537b88f9a84253f3614971c4f5c5