Comment 1 for bug 261938

Martin Pitt (pitti) wrote :

I don't really like this. The source code only declares statically sized buffers and makes *no* attempt at bounds checking. I.e., it is not hard to create fuzzified zoo archives which create exploitable stack overflows, etc. Also, upstream hasn't updated the program in 6 years. I guess the fact that .zoo archives aren't popular contributes to the fact of being dead upstream and not being examined by security analysts.

Do you consider zoo archives important enough to warrant the Recommends: in clamav? If so, and the MIR should stand, the code needs some serious overhaul.

Third issue is that zoo archives are