Bugzilla – Bug 1194004
VUL-0: CVE-2022-23951: keylime: Get Quote Response Contains Possibly Untrusted ZIP Data
Last modified: 2022-02-18 09:53:07 UTC
This bug is to keep track of keylime review report item 4.b:

### b) Get Quote Response Contains Possibly Untrusted ZIP Data

The verifier process periodically performs quote operations on registered agents. As part of this `process_quote_response()` is called and furthermore `check_quote()` and finally `_tpm2_checkquote()`. In `tpm_main.py:1018` a couple of ZIP data streams are uncompressed via `zlib.decompress()`.

Since this is processing possibly untrusted data - the verifier is attempting to verify the current trust status of the node after all - it needs to be assumed that malicious data can also be supplied here. Therefore the question arises whether `zlib.decompress()` is robust against processing invalid ZIP data streams.

One thing I already found out is that it is not robust against delivering ZIP bombs that will cause a memory exhaustion in the verifier process.
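As an added example (not keylime's own code and not part of the bug report), the following Python shows the mitigation for the memory-exhaustion case described above: inflating a zlib stream with `zlib.decompressobj()` and its `max_length` argument so that a verifier never materialises more than a configured number of bytes, and rejecting truncated streams and trailing garbage as well. The function names, the output cap and the test payloads are assumptions constructed for this example.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when the inflated size would exceed the configured cap."""


def bounded_decompress(data: bytes, max_output: int, chunk_size: int = 64 * 1024) -> bytes:
    """Inflate a zlib-wrapped stream while refusing to emit more than max_output bytes.

    Unlike zlib.decompress(), which allocates whatever the stream expands to,
    this pulls output in chunk_size pieces via max_length and stops as soon as
    the running total passes the cap, so a highly compressible payload cannot
    exhaust memory.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not d.eof:
        # max_length caps this call's output; input that was not needed yet
        # is kept by the decompressor in unconsumed_tail.
        piece = d.decompress(pending, chunk_size)
        out.extend(piece)
        if len(out) > max_output:
            raise DecompressionLimitExceeded(
                f"inflated size exceeds cap of {max_output} bytes"
            )
        pending = d.unconsumed_tail
        if not piece and not pending:
            # No progress and no input left before the end-of-stream marker.
            raise zlib.error("incomplete or corrupt zlib stream")
    if d.unused_data:
        # Bytes after the zlib trailer are not part of the stream.
        raise zlib.error("trailing data after zlib stream")
    return bytes(out)


def inflate_safely(data: bytes, max_output: int):
    """Return the inflated bytes, or None if the stream was rejected for any reason."""
    try:
        return bounded_decompress(data, max_output)
    except (DecompressionLimitExceeded, zlib.error):
        return None


def zlib_pack(payload: bytes) -> bytes:
    """Helper for the demo: produce a zlib stream the way a peer would."""
    return zlib.compress(payload)


def make_zero_payload(inflated_size: int) -> bytes:
    """Constructed test vector: a small zlib stream that inflates to inflated_size zero bytes."""
    return zlib.compress(b"\x00" * inflated_size, 9)


if __name__ == "__main__":
    cap = 64 * 1024  # assumed per-message cap for quote data
    print(inflate_safely(zlib_pack(b"quote-data"), cap))             # b'quote-data'
    print(inflate_safely(make_zero_payload(2 * 1024 * 1024), cap))   # None: cap exceeded
    print(inflate_safely(zlib_pack(b"abc")[:-3], cap))               # None: truncated
    print(inflate_safely(zlib_pack(b"abc") + b"xyz", cap))           # None: trailing data
```

The cap should be chosen from what the protocol legitimately needs (the size of a quote and its accompanying data), and a rejected stream should be logged with the peer's identity so that repeated oversized or malformed responses from one agent are visible to operators.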
The issue has been confirmed by upstream and has been assigned CVE-2022-23951.
The issue is public now via the following security advisory: https://github.com/keylime/keylime/security/advisories/GHSA-6xx7-m45w-76m2
Fixed in version 6.3.0 and both SLE-15-SP4 and Factory are updated.