Debian security advisory DSA-1435-1 annouces fix for following issue:
It was discovered that on off-by-one in the MS-ZIP decompression code may lead
to the execution of arbitrary code.
Patch for the issue is available in the Gentoo Bugzilla:
and is included in upstream version 0.92.
This issue was addressed in: