New submission from Tarmo Randel: The problem: miscreants are modifying ZIP file header parts so, that Python based automated analysis tools are unable to process the contents of the ZIP file but intended clients are able to open the file and extract the possibly malicious contents.
Github pull request contains patch addressing the issue so that developer can make conscious decision to allow extraction process to complete. Quite important feature for security researchers. ---------- components: Library (Lib) files: ZIP_filename_confusion.pdf messages: 300080 nosy: zyxtarmo priority: normal pull_requests: 3094 severity: normal status: open title: Exception while extracting file from ZIP with non-matching file name in central directory type: behavior versions: Python 2.7 Added file: http://bugs.python.org/file47073/ZIP_filename_confusion.pdf _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue31175> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
