|Version||6.0-16+deb8u7 (jessie), 6.0-21+deb9u3 (stretch)|
|Related CVEs||CVE-2022-0529 CVE-2022-0530|
Sandipan Roy discovered two vulnerabilities in InfoZIP’s unzip program, a de-archiver for .zip files, which could result in denial of service or potentially the execution of arbitrary code.
For Debian 8 jessie, these problems have been fixed in version 6.0-16+deb8u7.
For Debian 9 stretch, these problems have been fixed in version 6.0-21+deb9u3.
We recommend that you upgrade your unzip packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/