On Thu, Apr 14, 2022 at 12:03:33AM +0200, Christian Weisgerber wrote:
> Christian Weisgerber:
>
> > * archivers/unzip (zipgrep) -- AFFECTED
> >   archive member names are extracted with unzip -Z1, which renders
> >   \n as ^J. However, the result is processed by shell command
> >   substitution, so it undergoes field splitting and pathname
> >   expansion. If a file with an exploitable name is present in the
> >   current working directory, an archive member with a shell wildcard
> >   in its name may inadvertently feed it to sed. Yes, it's convoluted.
> >   The xzgrep fix can be applied.
>
> Patch below.

ok
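
Added example, not part of the original messages and not the patch they refer to: a shell demonstration of the field splitting and pathname expansion described in the quoted report, next to a line-by-line read that keeps each name intact. The list_members function is a constructed stand-in for a one-name-per-line listing such as unzip -Z1 output, and all file and member names are made up.

```shell
#!/bin/sh
# Constructed stand-in for a member listing (one name per line).
# Both member names are invented for this example.
list_members() {
    printf '%s\n' '*.txt' 'my file'
}

# Pattern from the report: the listing passes through an unquoted
# command substitution, so the shell field-splits it and expands
# wildcards against the current working directory.
names_unsafe() {
    for i in $(list_members); do
        printf '[%s]\n' "$i"
    done
}

# Line-oriented alternative: each name is read verbatim, with no
# field splitting and no pathname expansion.
names_safe() {
    list_members | while IFS= read -r i; do
        printf '[%s]\n' "$i"
    done
}

# Run both loops in a scratch directory holding two unrelated files.
demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        : > a.txt
        : > b.txt
        echo "unsafe:"; names_unsafe
        echo "safe:";   names_safe
    )
    rm -rf "$d"
}

demo
```

In the unsafe loop the member named *.txt is replaced by the names of files that happen to be in the working directory, and the member containing a space is split in two; the read loop passes both names through unchanged.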