The following reply was made to PR bin/18840; it has been noted by GNATS.

From: Frederick Bruckman <fredb@immanent.net>
To: christos@netbsd.org
Cc: netbsd-bugs@netbsd.org, gnats-bugs@netbsd.org
Subject: Re: bin/18840
Date: Mon, 25 Apr 2005 10:26:51 -0500 (CDT)

 On Sun, 24 Apr 2005, Frederick Bruckman wrote:
 
 > I don't have access to any hosts running current today, but I did verify that 
 > the exploit I described in the PR is blocked, after pulling up the changes in 
 > the message that attached to the PR, to netbsd-2-0. 
 > (src/bin/pax/ar_io.c,v1.42 is a prerequisite for them, by the way.)
 
 Maybe I spoke too soon...
 
 I now can't untar "xscreensaver-4.21.tar.gz" without "--insecure", 
 without all sorts of complaints such as:
 
    tar: Cannot resolve `xscreensaver-4.21/README'
 
 There are no symlinks in the archive. The only thing that stands out 
 is that there's no "./" ahead of every item in the archive.
 
 
 Frederick