Hi,Looking at https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/ it seems CVE-2025-53816 is affecting [p]7zip-rar.
The analyzed faulty code lies in CPP/7zip/Compress/Rar5Decoder.cpp which is excluded from [p]7zip (per debian/copyright).
The code is modified in 25.00 import: https://github.com/ip7z/7zip/commit/fc662341e6f85da78ada0e443f6116b978f79f22#diff-88a430830000a0af8a34f1f0839670eea79d7b201bad3e5662e97159075880cbR1905-R1906 The My_ZeroMemory logic appears to have been introduced in the 24.05 import: https://github.com/ip7z/7zip/commit/395149956d696e6e3099d8b76d797437f94a6942#diff-88a430830000a0af8a34f1f0839670eea79d7b201bad3e5662e97159075880cbL1905-R1941 Cheers! Sylvain Beucler Debian LTS Team
