Thank you!

> On 11 Apr 2022, at 10:57, Adolf Belka wrote:
>
> Hi Michael,
>
> On 11/04/2022 10:13, Michael Tremer wrote:
>> Who would like to grab this one and update XZ?
>>
> I'll pick it up.
>
>
> Regards,
>
> Adolf.
>
>>> Begin forwarded message:
>>>
>>> *From: *Lasse Collin
>>> *Subject: **[xz-announce] xzgrep security fix for XZ Utils <= 5.2.5, 5.3.2alpha (ZDI-CAN-16587)*
>>> *Date: *7 April 2022 at 18:10:50 BST
>>> *To: *xz-announce(a)tukaani.org
>>>
>>> Malicious filenames can make xzgrep write to arbitrary files
>>> or (with a GNU sed extension) lead to arbitrary code execution.
>>>
>>> xzgrep from XZ Utils versions up to and including 5.2.5 are
>>> affected. 5.3.1alpha and 5.3.2alpha are affected as well.
>>> This patch works for all of them.
>>>
>>> This bug was inherited from gzip's zgrep. gzip 1.12 includes
>>> a fix for zgrep.
>>>
>>> This vulnerability was discovered by:
>>> cleemy desu wayo working with Trend Micro Zero Day Initiative
>>>
>>> The patch and signature are available here:
>>>
>>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
>>> https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch.sig
>>>
>>> It is also linked from the XZ Utils home page.
>>>
>>> --
>>> Lasse Collin
>>>
>>