xz-utils (5.2.5-2ubuntu0.1) impish-security; urgency=medium * SECURITY UPDATE: arbitrary file overwrite or code execution with crafted file names - debian/patches/CVE-2022-1271.patch: fix escaping of malicious filenames in src/scripts/xzgrep.in. - CVE-2022-1271 -- Marc Deslauriers <email address hidden> Fri, 08 Apr 2022 08:55:34 -0400