Serhiy Storchaka <storch...@gmail.com> added the comment: > + # make sure the zip file isn't traversing out of the path > + if not targetpath.startswith(basepath):
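Review bot: the `targetpath.startswith(basepath)` test on the `if not` line compares characters rather than path components, so a target in a sibling directory whose name merely begins with the base directory's name still passes. Compare on a component boundary instead, for example accept only `targetpath == basepath` or a target that starts with `basepath + os.sep`, and normalize both paths first, since these two lines do not show that being done.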
The check is insufficient. basepath='/etc/asd', member.filename='../asdfgh'.

Issue10905 is related to this issue.

P.S. Viewing patches in this issue is not working.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue6972>
_______________________________________
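The case raised in the comment, worked through as an added example (not code from the patch or from the tracker): the quoted prefix test beside a component-wise containment test, run on the comment's own `basepath` and `member.filename`. The function names, the other sample member names, the use of `posixpath`, and the normalization step before the comparison are assumptions made for the illustration.

```python
import posixpath


def naive_is_inside(basepath, filename):
    """The quoted check: a string prefix test on the joined, normalized path.

    Assumption: the target path is normalized before the comparison; the
    quoted lines do not show how targetpath is built.
    """
    targetpath = posixpath.normpath(posixpath.join(basepath, filename))
    return targetpath.startswith(basepath)


def is_inside(basepath, filename):
    """Component-wise containment: the target must be basepath or below it.

    Purely lexical: symlinks are not resolved, and basepath must be absolute
    (commonpath raises ValueError when absolute and relative paths are mixed).
    """
    base = posixpath.normpath(basepath)
    targetpath = posixpath.normpath(posixpath.join(base, filename))
    return posixpath.commonpath([base, targetpath]) == base


# Constructed member names; "../asdfgh" is the one given in the comment.
SAMPLES = [
    "docs/readme.txt",
    "../asdfgh",
    "../../passwd",
    "a/../../asd/ok.txt",
    "/abs/path",
]


def compare(basepath="/etc/asd"):
    """Return (member name, prefix-check verdict, component-check verdict)."""
    return [
        (name, naive_is_inside(basepath, name), is_inside(basepath, name))
        for name in SAMPLES
    ]


if __name__ == "__main__":
    for name, naive, strict in compare():
        print(f"{name!r:24} prefix check: {naive!s:5}  component check: {strict}")
```

With `basepath='/etc/asd'`, `'../asdfgh'` normalizes to `/etc/asdfgh`, which the prefix test accepts and the component-wise test rejects.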