shell metacharacters mishandled

Hi Erno - The firejail package is in universe and is, therefore, community supported. Could you please report this issue to the upstream project? Thank you!

I reported it upstream and the author replied that it has already been fixed in the latest version, apparently there has been a rewrite of the command line handling. It didn't seem like there was going to be a security advisory on his part or anything.

What's the right way to getting this fixed in Ubuntu?

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Is the "Fix Released" status correct for this bug? In https://wiki.ubuntu.com/Bugs/Bug%20statuses it says this indicates the bug is fixed in Ubuntu, but this does not seem to be the case?

Tested with latest upstream version (0.9.50) and can't reproduce the bug.
This is included in Ubuntu 17.10.

It's good that there is a fix in 17.10, but this remote vulnerability remains unfixed in other versions, including LTS releases. I reported this as a xenial bug (like you can see from tags) and there it remains unfixed. I'm not well versed in launchpad usage, how should this be marked in the bug status info?

I added trusty, xenial, and zesty tasks for this bug without verifying which releases need work.

Thanks