unzip directory traversal revisited

problem:

well I kinda stumbled over this when i was looking for something else
A while back some fuss was made over the use of .. sequences in archives
because it allows you to craft
an archive which will trojan your system on extraction
the creators of unzip fixed this but apperently didn't cover all bases

when an archive contains a file like ../JELMER.TXT it will skip it and print
out a message like this

jelmer.zip
warning: skipped "../" path component(s) in jelmer.zip
inflating: JELMER.TXT

however when i call it . \003 ./JELMER.txt it extracts it just fine or \001
etc

unzip jelmer.zip
Archive: jelmer.zip
extracting: ../JELMER.TXT

as it basicly ignores these characters

example:

i attached a zip file that illustrates the problem
it was hacked up using a hex editor

vendor status:

i just emailed Zip-Bugs@lists.wku.edu <mailto:Zip-Bugs@lists.wku.edu>

tested on :

UnZip 5.50 on a gentoo linux and freebsd