On Thursday 08 May 2008, Doug Goldstein wrote:
> Additionally to follow myself up, I believe one of the security
> issues was execution of arbitrary data either when untarred or just
> decompressed (assuming a  specially crafted lzma file).

Can you please point me to the location where this is mentioned. I read 
through the lzma git log, and I all I could find was data corruption 
(which usually is not a security issue) and the mention of the 
word "security" inside the announcement.

Thanks,
Robert