Fix CVE-2017-5979: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5979 Patch copied from Debian. Index: zziplib-0.13.62/zzip/fseeko.c =================================================================== --- zziplib-0.13.62.orig/zzip/fseeko.c +++ zziplib-0.13.62/zzip/fseeko.c @@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk) return 0; /* we read out chunks of 8 KiB in the hope to match disk granularity */ ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */ - ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry)); + ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry)); if (! entry) return 0; ___ unsigned char *buffer = malloc(pagesize);