A null pointer dereference vulnerability was found in p7zip. Malformed 7z file could cause the application to crash.
Created p7zip tracking bugs for this issue:
Affects: fedora-all [bug 1394794]
Affects: epel-all [bug 1394795]
p7zip 16.02 + more CVE-2016-9296.patch  = p7zip 16.02-2
Fixed In Version field here is meant to note fixed upstream version. Based on your comment 2, it should not note 16.02. If there is not fixed upstream version yet, it should be left blank.