Created attachment 475062 [details, diff]
app-arch/unzip-6.0_p20: Multiple vulnerabilities CVE-2014-9636, CVE-2014-9913, CVE-2015-1315, CVE-2016-9844
Created attachment 475064 [details, diff]
Created attachment 475066 [details, diff]
Created attachment 475068 [details, diff]
Thank you again.
Debian patchset 21 is out there.
The 2 CVE's removed are tracked in other bugs.
No fix in the patchset for CVE-2015-1315. Would need to apply the patch from this bug.
CVE-2014-9913 is fixed in Debian patchset 21
The vulnerable function was introduced via a patch (06-unzip60-alt-iconv-utf8) which Gentoo does not ship.