diff --git a/offlineimap/head/debian/changelog b/offlineimap/head/debian/changelog
index 23e7b78..9c246d8 100644
--- a/offlineimap/head/debian/changelog
+++ b/offlineimap/head/debian/changelog
@@ -13,6 +13,7 @@ offlineimap (3.2.2) unstable; urgency=low
 * Added support for /-separated Maildirs -- that is, hierarchical Maildir trees. Fixes [complete.org #28] and, for Debian, Closes: #155460.
+ * Preventitive security: Folder names may not contain ./ or start with /.
 -- John Goerzen Thu, 25 Jul 2002 08:22:25 -0500
diff --git a/offlineimap/head/offlineimap/repository/Maildir.py b/offlineimap/head/offlineimap/repository/Maildir.py
index db625ff..194fa59 100644
--- a/offlineimap/head/offlineimap/repository/Maildir.py
+++ b/offlineimap/head/offlineimap/repository/Maildir.py
@@ -46,12 +46,14 @@ class MaildirRepository(BaseRepository):
 for invalid in ['new', 'cur', 'tmp', 'offlineimap.uidvalidity']:
 for component in foldername.split('/'):
 assert component != invalid, "When using nested folders (/ as a separator in the account config), your folder names may not contain 'new', 'cur', 'tmp', or 'offlineimap.uidvalidity'."
-
+
+ assert oldername.find('./') == -1, "Folder names may not contain ../"
+ assert not foldername.startswith('/'), "Folder names may not begin with /"
 oldcwd = os.getcwd()
 os.chdir(self.root)
- os.makedirs(folderdir, 0700)
+ os.makedirs(foldername, 0700)
 for subdir in ['cur', 'new', 'tmp']:
- os.mkdir(os.path.join(folderdir, subdir), 0700)
+ os.mkdir(os.path.join(foldername, subdir), 0700)
 # Invalidate the cache
 self.folders = None
 os.chdir(oldcwd)
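Review bot: The two new path checks in the Maildir.py hunk are `assert` statements, so they vanish under `python -O`, and as shown the first one tests `oldername`, an undefined name that would raise NameError instead of validating the folder name. The substring test for `./` also rejects harmless names such as `a./b` while letting a bare `..` or a trailing `/..` component through, and its message says `../` although the check is for `./`. Since folder names presumably originate from the remote side, I would validate per component and raise explicitly: `if foldername.startswith('/') or [c for c in foldername.split('/') if c in ('.', '..')]:` followed by `raise ValueError("Folder names may not be absolute or contain . or .. components")`. Separately, `os.chdir(oldcwd)` is skipped when `os.makedirs` or `os.mkdir` raises, so the restore belongs in a `finally`. The enclosing method starts above the hunk.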