Cf. Debian bug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=42631
Please let me know if this has been addressed in later versions
if you create a file named ^G (ctrl-g) and open it in joe, you will hear a
beep as the status line is updated; you will also hear it upon exit, when
joe prints the message about not updating the file because it was not
A malicious user could create a file whose name contains more harmful
control characters and wait for another user to open that file in joe
(perhaps inadvertently; e.g. by using the TAB completion of many shells, or
from a graphical user interface).
I admit this is a long shot, but still: filenames should be filtered and
control characters removed before the name of the file is printed.
This potentially affects many other packages as well. grep is also
vulnerable; I will post a separate report for that package, but currently
I don't have the time to check any others.