We have received reports that the version of mirror as distributed in Debian
GNU/Linux 2.1 could be remotely exploited. When mirroring a remote site, its
malicious owner could use filename-constructions like ".." that
would cause mirror to work one level above the target directory for the
mirrored files and thus unknowingly overwrite local data.
