pecl-zip has been providing zip support for php, and with some version of php (5.2? doesn't matter) it became part of PHP itself and ships with it (ext/zip in the source). This is enabled with USE=zip when building php. Several security issues have been reported against PHP with zip support, so pecl-zip is probably also affected, but it has never seen any fixes (last upstream release is from 2007).
We should verify and probably remove pecl-zip.
confirmed this is vulnerable to CVE-2008-5658. If you do not want to maintain unbundled zip module, then please mask and remove.
Masked and will be removed.
# Christian Hoffmann <firstname.lastname@example.org> (12 Apr 2009)
# Masked for security (bug 265756), unmaintained upstream (last release
# two years ago), will be removed in 30 days. Use dev-lang/php with
# USE=zip as a replacement, which is actively maintained and has more
(In reply to comment #2)
> Masked and will be removed.
And was removed.
noglsa? and closing?