Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip. The updated packages have been patched to correct this issue.