Errata overview
Errata ID 583
Date 2019-09-11
Source package unzip
Fixed in version 6.0-21+deb9u2
This update addresses the following issue:
* Unzip mishandles the overlapping of files inside a ZIP container, leading
  to denial of service (resource consumption), aka a "better zip bomb" issue.
Additional notes
CVE ID CVE-2019-13232
UCS Bug number #50151