On Sat, Feb 10, 2018 at 01:57:28PM -0500, Leo Famulari wrote:
> We need to fix CVE-2018-1000031, CVE-2018-1000032, CVE-2018-1000033,
> CVE-2018-1000034, CVE-2018-1000035 in UnZip:
> 
> http://seclists.org/oss-sec/2018/q1/134
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000031 and etc

Okay, the advisory says that only CVE-2018-1000035 affects our UnZip 6.0
package; the other bugs were apparently introduced after that.

And CVE-2018-1000035 may be mitigated by the compiler. I'll investigate
more.