Followup-For: Bug #1054290 Sorry, I made an important mistake in my phrasing about these two packages:
> * mupen64plus-core - this appears unaffected in Debian; it declares a > build-time dependency on libminizip-dev, and the build system uses this > when available. I've verified that by recompiling it successfully with the > 'minizip' subproject directory deleted from the filesystem. > * widelands - appears unaffected in Debian; similar to mupen64plus-core, it > declares a dependecy on libminizip-dev, and the build system for the > codebase uses system-provided minizip in preference to the vendored copy. I should not have said that these are unaffected; they may be affected if the system-provided minizip library is vulnerable. Additionally, patching the vendored copy of minizip source code within those packages alone would not help, again for the same reason that they use the system-provided minizip. This is the same condition as the libxlsxwriter case.
