From: Matthias Pitzl <pitzl@genua.de>
Subject: archivers/unzip: CVE-2021-4217 still open?
To: <ports@openbsd.org>
Date: Tue, 2 Apr 2024 14:17:15 +0200

Hi!

I'm doing vulnerability scanning on some ports and for unzip CVE-2021-4217
seems not fixed.
Ubuntu had a proposed patch under
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077/+attachment/5554956/+files/0001-Fix-null-pointer-dereference-and-use-of-uninitialized-data.patch.

Thanks!

Greetings,
Matthias