diff --git a/unzip-5.5.2-goo-sec.patch b/unzip-5.5.2-goo-sec.patch
new file mode 100644
index 0000000..01593f8
--- /dev/null
+++ b/unzip-5.5.2-goo-sec.patch
@@ -0,0 +1,50 @@
+--- inflate.c	2005-02-27 06:08:46.000000000 +0000
++++ inflate.c	2006-07-19 21:45:33.543595000 +0100
+@@ -983,6 +983,7 @@
+   unsigned l;           /* last length */
+   unsigned m;           /* mask for bit lengths table */
+   unsigned n;           /* number of lengths to get */
++  struct huft *tlp;     
+   struct huft *tl;      /* literal/length code table */
+   struct huft *td;      /* distance code table */
+   unsigned bl;          /* lookup bits for tl */
+@@ -996,6 +997,8 @@
+   int retval = 0;       /* error code returned: initialized to "no error" */
+ 
+ 
++  td = tlp = tl = (struct huft *)NULL;
++
+   /* make local bit buffer */
+   Trace((stderr, "\ndynamic block"));
+   b = G.bb;
+@@ -1047,9 +1050,9 @@
+   while (i < n)
+   {
+     NEEDBITS(bl)
+-    j = (td = tl + ((unsigned)b & m))->b;
++    j = (tlp = tl + ((unsigned)b & m))->b;
+     DUMPBITS(j)
+-    j = td->v.n;
++    j = tlp->v.n;
+     if (j < 16)                 /* length of code in bits (0..15) */
+       ll[i++] = l = j;          /* save last length in l */
+     else if (j == 16)           /* repeat last length 3 to 6 times */
+@@ -1141,6 +1144,7 @@
+       huft_free(td);
+     }
+     huft_free(tl);
++
+     return retval;
+   }
+ 
+@@ -1149,8 +1153,8 @@
+ 
+ cleanup_and_exit:
+   /* free the decoding tables, return */
+-  huft_free(tl);
+-  huft_free(td);
++  if (tl) huft_free(tl);
++  if (td) huft_free(td);
+   return retval;
+ }
+ 
diff --git a/unzip.changes b/unzip.changes
index 3bf3f53..e9992ea 100644
--- a/unzip.changes
+++ b/unzip.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Feb  4 13:29:27 CET 2008 - pth@suse.de
+
+- Add patch to fix erroneous freeing of buffers (bnc#358425)
+
 -------------------------------------------------------------------
 Fri Dec  7 12:52:06 CET 2007 - pth@suse.de
 
@@ -8,7 +13,7 @@ Mon Dec  3 13:24:27 CET 2007 - pth@suse.de
 
 - Add patch to extend the maximum file/archive size to 2^32-8193
   (4294959103) bytes.
-- Add patch to fix CVE-2005-2475 (#274156)
+- Add patch to fix CVE-2005-2475 (bnc#274156)
 
 -------------------------------------------------------------------
 Thu Jun 21 17:34:10 CEST 2007 - adrian@suse.de
@@ -19,7 +24,7 @@ Thu Jun 21 17:34:10 CEST 2007 - adrian@suse.de
 Thu May  3 15:25:39 CEST 2007 - pth@suse.de
 
 - Add patch from Takashi Iwai that adds a new option (-S) to
-  unzip and infozip that disables file name translation (#267901).
+  unzip and infozip that disables file name translation (bnc#267901).
 - Recompress tarball with bzip2
 
 -------------------------------------------------------------------
@@ -30,7 +35,7 @@ Fri Jan 27 02:30:41 CET 2006 - mls@suse.de
 -------------------------------------------------------------------
 Thu Jan 26 15:28:44 CET 2006 - pth@suse.de
 
-- Reject file names that are too long (Bugzilla #140304)
+- Reject file names that are too long (bnc#140304)
 - Use stack protector.
 
 -------------------------------------------------------------------
@@ -48,7 +53,7 @@ Thu Dec 15 11:31:51 CET 2005 - pth@suse.de
 -------------------------------------------------------------------
 Mon Jun 13 22:46:31 CEST 2005 - rommel@suse.de
 
-- update to version 5.52 (Bugzilla #67279)
+- update to version 5.52 (bnc#67279)
 
 -------------------------------------------------------------------
 Sat Aug  7 15:03:23 CEST 2004 - rommel@suse.de
diff --git a/unzip.spec b/unzip.spec
index ab2032c..c332109 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip (Version 5.52)
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@@ -10,6 +10,7 @@
 
 # norootforbuild
 
+
 Name:           unzip
 License:        BSD 3-Clause
 Group:          Productivity/Archiving/Compression
@@ -17,7 +18,7 @@ Provides:       crunzip
 Obsoletes:      crunzip
 AutoReqProv:    on
 Version:        5.52
-Release:        87
+Release:        105
 Summary:        A program to unpack compressed files
 Source:         unzip552.tar.bz2
 Url:            http://www.info-zip.org/
@@ -29,6 +30,7 @@ Patch5:         unzip-no_file_name_translation.patch
 Patch6:         unzip-near-4GB.patch
 Patch7:         unzip-CVE-2005-2475.patch
 Patch8:         unzip-open_missing_mode.patch
+Patch9:         unzip-5.5.2-goo-sec.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -54,6 +56,7 @@ Authors:
 %patch6
 %patch7
 %patch8
+%patch9
 
 %build
 export RPM_OPT_FLAGS="%optflags -DLARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fstack-protector"
@@ -85,89 +88,91 @@ done
 %{_bindir}/zipgrep
 
 %changelog
-* Fri Dec 07 2007 - pth@suse.de
+* Mon Feb 04 2008 pth@suse.de
+- Add patch to fix erroneous freeing of buffers (bnc#358425)
+* Fri Dec 07 2007 pth@suse.de
 - Pass file mode when calling open with O_CREAT.
-* Mon Dec 03 2007 - pth@suse.de
+* Mon Dec 03 2007 pth@suse.de
 - Add patch to extend the maximum file/archive size to 2^32-8193
   (4294959103) bytes.
-- Add patch to fix CVE-2005-2475 (#274156)
-* Thu Jun 21 2007 - adrian@suse.de
+- Add patch to fix CVE-2005-2475 (bnc#274156)
+* Thu Jun 21 2007 adrian@suse.de
 - fix changelog entry order
-* Thu May 03 2007 - pth@suse.de
+* Thu May 03 2007 pth@suse.de
 - Add patch from Takashi Iwai that adds a new option (-S) to
-  unzip and infozip that disables file name translation (#267901).
+  unzip and infozip that disables file name translation (bnc#267901).
 - Recompress tarball with bzip2
-* Fri Jan 27 2006 - mls@suse.de
+* Fri Jan 27 2006 mls@suse.de
 - converted neededforbuild to BuildRequires
-* Thu Jan 26 2006 - pth@suse.de
-- Reject file names that are too long (Bugzilla #140304)
+* Thu Jan 26 2006 pth@suse.de
+- Reject file names that are too long (bnc#140304)
 - Use stack protector.
-* Fri Jan 20 2006 - schwab@suse.de
+* Fri Jan 20 2006 schwab@suse.de
 - Don't strip binaries.
-* Thu Dec 15 2005 - pth@suse.de
+* Thu Dec 15 2005 pth@suse.de
 - Compile with (limited) large file support. This will support
   single files exceeding 2 GB as long as the archive stays below
   that theshold.
-* Mon Jun 13 2005 - rommel@suse.de
-- update to version 5.52 (Bugzilla #67279)
-* Sat Aug 07 2004 - rommel@suse.de
+* Mon Jun 13 2005 rommel@suse.de
+- update to version 5.52 (bnc#67279)
+* Sat Aug 07 2004 rommel@suse.de
 - update to version 5.51
   (fixes old security bugs, adds PKWARE's compression code Deflate64)
-* Wed May 19 2004 - ro@suse.de
+* Wed May 19 2004 ro@suse.de
 - added -fno-strict-aliasing
 - really use RPM_OPT_FLAGS
-* Sun Jan 11 2004 - adrian@suse.de
+* Sun Jan 11 2004 adrian@suse.de
 - build as user
-* Tue Sep 23 2003 - rommel@suse.de
+* Tue Sep 23 2003 rommel@suse.de
 - replaced fix for ../ exploit with a fix both for
   the ../ exploit and '/' exploit (Bugzilla #29311)
-* Thu Jul 03 2003 - rommel@suse.de
+* Thu Jul 03 2003 rommel@suse.de
 - added fix for ../ exploit (Bugzilla #27667)
-* Fri Jan 17 2003 - rommel@suse.de
+* Fri Jan 17 2003 rommel@suse.de
 - fixed Summary: to be more verbose about what this package does
-* Wed Sep 18 2002 - ro@suse.de
+* Wed Sep 18 2002 ro@suse.de
 - removed bogus self-provides
-* Fri Jul 05 2002 - kukuk@suse.de
+* Fri Jul 05 2002 kukuk@suse.de
 - Use %%ix86 macro
-* Mon Mar 11 2002 - rommel@suse.de
+* Mon Mar 11 2002 rommel@suse.de
 - Update to 5.50
 - took over parts of pmladek's patch (see below)
-* Thu Jan 24 2002 - grimmer@suse.de
+* Thu Jan 24 2002 grimmer@suse.de
 - added unzip-5.42-iso8859_2.patch to fix coding conversion
   between Microsoft and Linux file names
   (originally from http://www.axis.cz/linux/zip_unzip.php3,
   enhanced to support both ISO8859-1 and ISO8859-2 by Petr Mladek
   <pmladek@suse.cz>)
-* Mon Apr 09 2001 - grimmer@suse.de
+* Mon Apr 09 2001 grimmer@suse.de
 - Update to 5.42
 - file list fixes (new license file, documentation renames)
-* Wed Dec 13 2000 - grimmer@suse.de
+* Wed Dec 13 2000 grimmer@suse.de
 - Update to 5.41 (now includes decryption support)
 - now Provides and Obsoletes crunzip
 - bzipped sources
 - use BuildRoot
-* Tue Feb 29 2000 - schwab@suse.de
+* Tue Feb 29 2000 schwab@suse.de
 - Add support for ia64.
 - /usr/man -> /usr/share/man
-* Wed Dec 22 1999 - grimmer@suse.de
+* Wed Dec 22 1999 grimmer@suse.de
 - Added "Conflicts: crzip" to spec file
 - cleaned up Provides: tag
-* Fri Dec 17 1999 - grimmer@suse.de
+* Fri Dec 17 1999 grimmer@suse.de
 - Spec file cleanups
-* Sat Nov 27 1999 - kukuk@suse.de
+* Sat Nov 27 1999 kukuk@suse.de
 - Use linux_noasm Makefile target on SPARC
-* Mon Sep 13 1999 - bs@suse.de
+* Mon Sep 13 1999 bs@suse.de
 - ran old prepare_spec on spec file to switch to new prepare_spec.
-* Wed Sep 08 1999 - uli@suse.de
+* Wed Sep 08 1999 uli@suse.de
 - uses target linux_noasm for PPC
-* Wed Feb 24 1999 - grimmer@suse.de
+* Wed Feb 24 1999 grimmer@suse.de
 - new version (5.40)
 - specfile modifications
 - added french description
-* Mon Jan 11 1999 - ro@suse.de
+* Mon Jan 11 1999 ro@suse.de
 - use target linux_noasm for alpha
-* Fri Jan 23 1998 - rj@suse.de
+* Fri Jan 23 1998 rj@suse.de
 - version 5.32
-* Thu Feb 06 1997 - rj@suse.de
+* Thu Feb 06 1997 rj@suse.de
 - version 5.12
 - new test/changes/plist files