[Security-sig] Archives (.tar or .zip) with absolute paths

Victor Stinner victor.stinner at gmail.com
Fri Mar 10 11:16:03 EST 2017

Previous message (by thread): [Security-sig] Archives (.tar or .zip) with absolute paths
Next message (by thread): [Security-sig] HTML page of Python security vulnerabilities
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I opened two public bug reports:

tarfile:
http://bugs.python.org/issue29788

zipfile:
http://bugs.python.org/issue29789

It's unclear to me if it's ok or not to backport the new absolute_path
option to stable Python versions, to fix the vulnerability?

Victor

Previous message (by thread): [Security-sig] Archives (.tar or .zip) with absolute paths
Next message (by thread): [Security-sig] HTML page of Python security vulnerabilities
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Security-SIG mailing list