On 2026-04-20 07:29, LogicLuminary wrote:
Is it possible to restrict public access to this report or move the
discussion to a private security list until a fix is released to the
distributions?
No, but it's not a big deal as anybody who can control a victim's zgrep
command line can likely do worse via other means. Anyway, I installed
the attached patch and it should appear in the next gzip release, which
should be soon.
Thanks for reporting the problem. Closing the bug report.
From cd74dc30f8cc5814c7805c9cee52302b6d34d811 Mon Sep 17 00:00:00 2001
From: Paul Eggert <[email protected]>
Date: Mon, 20 Apr 2026 10:22:33 -0700
Subject: [PATCH] zgrep: fix quoting typo
* zgrep.in: Fix quoting typo in option parsing.
Problem reported by Leenear (bug#80868).
---
zgrep.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/zgrep.in b/zgrep.in
index f349081..3ba748d 100644
--- a/zgrep.in
+++ b/zgrep.in
@@ -172,7 +172,7 @@ while test $# -ne 0; do
esac
case $option in
- (*\'?*)
+ (*\'*)
option=\'$(printf '%s\n' "$option" | LC_ALL=C sed "$escape");;
(*)
option="'$option'";;
--
2.51.0
