There is another open issue with CSharpCompress - we've seen 3-4 so far in the past.

We're not directly affected as the vulnerable path isn't used by our code but this is a good opportunity to drop it as we only use a trivial amount of functionality the bulk of which we can get from the .NET CLR itself via DeflateStream and then just add the basic header + Alder CRC checks.