CVE-2018-1000034 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000034): An out-of-bounds read exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.

CVE-2018-1000033 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000033): An out-of-bounds read exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service and read sensitive memory.

CVE-2018-1000032 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000032): A heap-based buffer overflow exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.

CVE-2018-1000031 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000031): A heap-based buffer overflow exists in InfoZip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution.

Follow up on this bug please. From Blocked bug this is fixed in:

I believe that we got all those fixed in 6.10c23 based on complaints directly from R. Freingruber (before the CVEs were defined?), except for the LZMA-related problems (which may be handled by disabling the LZMA feature until a better LZMA library is obtained).

Doesn't affect our Gentoo's app-arch/unzip.