Candidate: CVE-2015-4035
PublicDate: 2017-07-25 18:29:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4035
 http://www.openwall.com/lists/oss-security/2015/05/18/7
Description:
 scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not
 properly process file names containing semicolons, which allows remote
 attackers to execute arbitrary code by having a user run xzgrep on a
 crafted file name.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Bart Dopheide
Assigned-to: 
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_xz-utils:
upstream_xz-utils: released (5.0.0)
precise_xz-utils: not-affected (5.1.1alpha+20110809-3)
trusty_xz-utils: not-affected (5.1.1alpha+20110809-3)
trusty/esm_xz-utils: not-affected (5.1.1alpha+20110809-3)
utopic_xz-utils: not-affected (5.1.1alpha+20110809-3)
vivid_xz-utils: not-affected (5.1.1alpha+20110809-3)
devel_xz-utils: not-affected (5.1.1alpha+20110809-3)