CVE-2010-3842 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3842): Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.
Fixes for some time already. Closing noglsa.