Hi. I've just uploaded unzip 6.0-21 for unstable, which fixes both CVE-2014-9913 and CVE-2016-9844.
You will need this from debian/patches: 18-cve-2014-9913-unzip-buffer-overflow.patch 19-cve-2016-9844-zipinfo-buffer-overflow.patch but for wheezy I would drop again the .patch ending I've just added to all patches to be consistent with the other debian/patches/* in wheezy (but this is only my personal sense of aesthetics, since this is a do-o-crazy, whoever makes the LTS version decides about this :-) Thanks.
