Ubuntu Security Notice 589-1 - Tavis Ormandy discovered that unzip did not correctly clean up pointers. If a user or automated service was tricked into processing a specially crafted ZIP archive, a remote attacker could execute arbitrary code with user privileges.
8cc553b6a816c24515cc31acc6cf6171af40bb0e0c2cd4f80121484f410e4e20