CVE 2013-7069
ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.
See the 
CVE page on Mitre.org
for more details.
