Debian Security Advisory DSA 959-1 – The Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/43507/dsa-959-1.txt
Source: https://packetstormsecurity.com/files/43507/Debian-Linux-Security-Advisory-959-1.html