Apps :: Security issue with XZGV



I was just looking at the XZGV website. The author has posted the following warning about versions 0.8 and before (dsl has 0.7):

Quote
WARNING: There is a known vulnerability in xzgv 0.8 (and all previous versions) such that suitably-constructed images can be made to run arbitrary commands (as the user) when viewed with xzgv. This has the potential to cause serious trouble, so I strongly recommend applying this patch (with e.g. "patch -p0 <xzgv*.diff") before compiling. This is intended as a temporary measure until I can put together a more comprehensive fix (which would be complicated and isn't likely to happen soon), but should be effective in the meantime.


I don't know if this has been brought up before (didn't see it on a quick search).  Should this perhaps be fixed in future versions of dsl?

Or: maybe someone might point me at a how-to for applying the author's patch to dsl.

I'm pleased to see a patch has now been applied in dsl 1.2.1 - though my post wasn't replied to?

Not that it's a big deal, it's just that it is nice to know whether or not one has contributed by flagging something ....

Hush my big fat mouth - it WAS acknowledged ...

here

Just as well I didn't get all pouty!  :p

