http://cvs.fedoraproject.org/viewvc/devel/gzip/gzip-1.3.5-cve-2006-4337_len.patch?view=co

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337

--- gzip-1.3.5/unlzh.c.len	2006-11-22 09:35:10.000000000 +0100
+++ gzip-1.3.5/unlzh.c	2006-11-22 09:38:52.000000000 +0100
@@ -199,7 +199,7 @@
 	    }
 	    *p = ch;
 	}
-	start[len] = nextcode;
+	start[len] = start[len] + weight[len];
     }
 }