On Sun, Jan 28, 2018 at 11:09:09PM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the p7zip package:
> #888297: p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow
> * Hopefully fix ZIP Shrink: Heap Buffer Overflow (CVE-2017-17969). Thanks
> to Antoine Beaupré for the initial patch, based on upstream changes in
> 7Zip 18.00.beta (closes: #888297).
It looks the upload for unstable contained a backport of an earlier
variant. Can you update to the most recent iteration as posted in
The check for cur against kNumItems is missing, not sure this can
cause any further problem.