summaryrefslogtreecommitdiffstats
path: root/Misc
diff options
context:
space:
mode:
authorGregory P. Smith <greg@krypto.org>2013-02-01 19:31:31 (GMT)
committerGregory P. Smith <greg@krypto.org>2013-02-01 19:31:31 (GMT)
commit193e1be72d2f9bb45e054b38dd9ed1090c45f3bf (patch)
treeed26dbea67939a7a01ea3ee20190285d97fb7645 /Misc
parent0ecd30b4af4f5bd3c9e884a608e0a256ffe8f5fa (diff)
parentb47acbf46abd425f69dcc03e9b4f0c7f7c321ac2 (diff)
downloadcpython-193e1be72d2f9bb45e054b38dd9ed1090c45f3bf.zip
cpython-193e1be72d2f9bb45e054b38dd9ed1090c45f3bf.tar.gz
cpython-193e1be72d2f9bb45e054b38dd9ed1090c45f3bf.tar.bz2
Fixes Issue #6972: The zipfile module no longer overwrites files outside of
its destination path when extracting malicious zip files.
Diffstat (limited to 'Misc')
-rw-r--r--Misc/NEWS3
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index cbce33f..32d5125 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -167,6 +167,9 @@ Core and Builtins
Library
-------
+- Issue #6972: The zipfile module no longer overwrites files outside of
+ its destination path when extracting malicious zip files.
+
- Issue #4844: ZipFile now raises BadZipFile when opens a ZIP file with an
incomplete "End of Central Directory" record. Original patch by Guilherme
Polo and Alan McIntyre.
generated by cgit v0.12 at 2025-01-12 08:09:31 (GMT)