Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
MITRE description: xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.