Fixes Issue #6972: The zipfile module no longer overwrites files outside of

its destination path when extracting malicious zip files.
author: Gregory P. Smith <greg@krypto.org> 2013-02-01 19:22:43 (GMT)
committer: Gregory P. Smith <greg@krypto.org> 2013-02-01 19:22:43 (GMT)
commit: b47acbf46abd425f69dcc03e9b4f0c7f7c321ac2 (patch)
tree: 59ab9a68ad10c56a1958a204e3ec154f65874026 /Misc
parent: 04d86c7c87e1f983e8cb01297f3ad71e79738710 (diff)
download: cpython-b47acbf46abd425f69dcc03e9b4f0c7f7c321ac2.zip
cpython-b47acbf46abd425f69dcc03e9b4f0c7f7c321ac2.tar.gz
cpython-b47acbf46abd425f69dcc03e9b4f0c7f7c321ac2.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 34f4a6b..917ab8d 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -216,6 +216,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #6972: The zipfile module no longer overwrites files outside of
+  its destination path when extracting malicious zip files.
+
 - Issue #4844: ZipFile now raises BadZipFile when opens a ZIP file with an
   incomplete "End of Central Directory" record.  Original patch by Guilherme
   Polo and Alan McIntyre.
author	Gregory P. Smith <greg@krypto.org>	2013-02-01 19:22:43 (GMT)
committer	Gregory P. Smith <greg@krypto.org>	2013-02-01 19:22:43 (GMT)
commit	b47acbf46abd425f69dcc03e9b4f0c7f7c321ac2 (patch)
tree	59ab9a68ad10c56a1958a204e3ec154f65874026 /Misc
parent	04d86c7c87e1f983e8cb01297f3ad71e79738710 (diff)
download	cpython-b47acbf46abd425f69dcc03e9b4f0c7f7c321ac2.zip cpython-b47acbf46abd425f69dcc03e9b4f0c7f7c321ac2.tar.gz cpython-b47acbf46abd425f69dcc03e9b4f0c7f7c321ac2.tar.bz2