Debian Security Advisory DSA 959-1 - The Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.
1a750e99e1e7b0bd0b55e0627ceee9ea92cac4f844f2d514b7c69cadfe7194cc