--- /dev/null
+Submitted By: Ken Moffat <ken@kenmoffat.uklinux.net>
+Date: 2005-08-09
+Initial Package Version: 1.0.3
+Upstream Status: Unknown.
+Origin: Jyri Ryska (RedHat) for fedora3
+Description: Fixes filename sanitisation in bzgrep.
+ This fixes CAN-2005-0758 (if a user can be tricked into running
+bzgrep in an untrusted directory containing files with carefully
+crafted filenames, arbitrary commands could be executed as the user
+running bzgrep). Risk is reported as low. I've modified it to force
+the interpreter to be bash, some of the other shells in use won't
+like the bash syntax.
+
+diff -Naur bzip2-1.0.3/bzgrep bzip2-1.0.3-new/bzgrep
+--- bzip2-1.0.3/bzgrep 2004-10-09 12:29:32.000000000 +0100
++++ bzip2-1.0.3-new/bzgrep 2005-08-09 21:36:37.000000000 +0100
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+
+ # Bzgrep wrapped for bzip2,
+ # adapted from zgrep by Philippe Troin <phil@fifi.org> for Debian GNU/Linux.
+@@ -63,7 +63,11 @@
+ bzip2 -cdfq "$i" | $grep $opt "$pat"
+ r=$?
+ else
+- bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${i}:|"
++ j=${i//\\/\\\\}
++ j=${j//|/\\|}
++ j=${j//&/\\&}
++ j=`printf "%s" "$j" | tr '\n' ' '`
++ bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
+ r=$?
+ fi
+ test "$r" -ne 0 && res="$r"