diff --git a/SOURCES/CVE-2018-17828-singlez.patch b/SOURCES/CVE-2018-17828-singlez.patch
new file mode 100644
index 0000000..7343ab1
--- /dev/null
+++ b/SOURCES/CVE-2018-17828-singlez.patch
@@ -0,0 +1,59 @@
+diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c
+index c45cb72..ff564a5 100644
+--- a/bins/unzip-mem.c
++++ b/bins/unzip-mem.c
+@@ -88,10 +88,53 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk,
+ }
+ }
+
++
++
++
++static inline void
++remove_dotdotslash(char *path)
++{
++ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
++ char *dotdotslash;
++ int warned = 0;
++
++ dotdotslash = path;
++ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
++ {
++ /*
++ * Remove only if at the beginning of the pathname ("../path/name")
++ * or when preceded by a slash ("path/../name"),
++ * otherwise not ("path../name..")!
++ */
++ if (dotdotslash == path || dotdotslash[-1] == '/')
++ {
++ char *src, *dst;
++ if (!warned)
++ {
++ /* Note: the first time through the pathname is still intact */
++ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
++ warned = 1;
++ }
++ /* We cannot use strcpy(), as there "The strings may not overlap" */
++ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
++ ;
++ }
++ else
++ dotdotslash +=3; /* skip this instance to prevent infinite loop */
++ }
++}
++
+ static void zzip_mem_entry_make(ZZIP_MEM_DISK* disk,
+ ZZIP_MEM_ENTRY* entry)
+ {
+- FILE* file = fopen (entry->zz_name, "w");
++ char name_stripped[PATH_MAX+1];
++ FILE* file;
++
++ strncpy(name_stripped, entry->zz_name, PATH_MAX);
++ name_stripped[PATH_MAX]='\0';
++ remove_dotdotslash(name_stripped);
++
++ file = fopen (name_stripped, "wb");
+ if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
+ perror (entry->zz_name);
+ if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
diff --git a/SPECS/zziplib.spec b/SPECS/zziplib.spec
index 44f8469..f278d72 100644
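Review bot: In zzip_mem_entry_make the name handed to fopen() is only cleaned of `../` components, so an entry name that begins with `/`, or one that begins with `/` once remove_dotdotslash() has dropped a leading `../`, is still opened as an absolute path outside the extraction directory. Skipping leading slashes after the call would close that gap: `char *rel = name_stripped; while (*rel == '/') rel++;` followed by `file = fopen (rel, "wb");`. The strncpy() copy also truncates names longer than PATH_MAX without any message, so a comment such as `/* names longer than PATH_MAX are silently truncated */` above it would make that behaviour explicit. The body of zzip_mem_entry_make continues past the end of the hunk, so any later handling of the name is not visible here.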
--- a/SPECS/zziplib.spec +++ b/SPECS/zziplib.spec @@ -1,7 +1,7 @@ Summary: Lightweight library to easily extract data from zip files Name: zziplib Version: 0.13.68 -Release: 7%{?dist} +Release: 8%{?dist} License: LGPLv2+ or MPLv1.1 Group: Applications/Archiving URL: http://zziplib.sourceforge.net/ @@ -23,6 +23,7 @@ Patch8: CVE-2018-16548.part2.patch Patch9: CVE-2018-16548.part3.patch Patch10: CVE-2018-17828.patch +Patch11: CVE-2018-17828-singlez.patch BuildRequires: perl-interpreter BuildRequires: python3-devel @@ -87,6 +88,7 @@ zziplib library. %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 pathfix.py -i %{__python3} -pn docs @@ -138,6 +140,10 @@ make install DESTDIR=%{buildroot} %{_mandir}/man3/* %changelog +* Tue Oct 16 2018 Jakub Martisko - 0.13.68-8 +- Fix CVE-2018-17828 in the "single z" binaries +- Resolves: #1772447 + * Tue Oct 16 2018 Jakub Martisko - 0.13.68-7 - Fix CVE-2018-17828 - Resolves: #1635890