I opened two public bug reports: tarfile: http://bugs.python.org/issue29788
zipfile: http://bugs.python.org/issue29789 It's unclear to me if it's ok or not to backport the new absolute_path option to stable Python versions, to fix the vulnerability? Victor _______________________________________________ Security-SIG mailing list Security-SIG@python.org https://mail.python.org/mailman/listinfo/security-sig
