Re: [Security-sig] Archives (.tar or .zip) with absolute paths

March 10, 2017

      I opened two public bug reports:

tarfile:
http://bugs.python.org/issue29788

zipfile:
http://bugs.python.org/issue29789

It's unclear to me if it's ok or not to backport the new absolute_path
option to stable Python versions, to fix the vulnerability?

Victor

Victor Stinner