Changes between Initial Version and Version 12 of Ticket #27391


Timestamp:
03/05/19 11:30:17 (11 months ago)
Author:
jdemeyer
Comment:

I think that this issue should be fixed in Python's tarfile module. Given that it's known since 2014, there is no way that this is a blocker. After reading the upstream issue, it's clear that there are many more potential problems than just paths starting with `/` or containing `..`. So this patch doesn't really fix the security hole.

  • Ticket #27391

    • Property Status changed from new to needs_work
    • Property Cc dcoudert added
    • Property Component changed from refactoring to packages: standard
    • Property Summary changed from some additionnal checks about sws files to some additional checks about sws files
    • Property Branch changed from to u/chapoton/27391
    • Property Report Upstream changed from N/A to Reported upstream. Developers acknowledge bug.
    • Property Commit changed from to 01382e402b2d7ba3f98df8c2e5b31f78218319d6
  • Ticket #27391 – Description

    initial  v12
    1        1    adding some sanity checks for the extraction of sws files.
             2
             3    '''Upstream bug''': https://bugs.python.org/issue21109
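
The comment's point that checking member names for a leading `/` or `..` is not enough, as an added example (not code from this ticket's branch or from Python's tarfile module): a pre-extraction check that also looks at link targets and special files. The names `check_member`, `build_sample`, `scan` and the directory `/srv/extract` are hypothetical, the archive is constructed in memory, and the check is not exhaustive.

```python
import io
import os
import tarfile

def check_member(member, dest):
    """Return a reason if extracting `member` under `dest` is unsafe, else None."""
    dest = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest, member.name))
    # The two name checks the ticket mentions: absolute paths and ".." traversal.
    if os.path.isabs(member.name) or os.path.commonpath([dest, target]) != dest:
        return "path escapes destination"
    if member.issym() or member.islnk():
        # Symlink targets resolve from the link's directory,
        # hard link targets from the archive root.
        base = os.path.dirname(target) if member.issym() else dest
        link = os.path.realpath(os.path.join(base, member.linkname))
        if os.path.commonpath([dest, link]) != dest:
            return "link target escapes destination"
        return None
    if not (member.isfile() or member.isdir()):
        return "special file (device or FIFO)"
    return None

def build_sample():
    """Constructed archive: one benign file plus one member per problem kind."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, type_=tarfile.REGTYPE, linkname=""):
            info = tarfile.TarInfo(name)
            info.type, info.linkname = type_, linkname
            tar.addfile(info)
        add("worksheet.txt")                               # benign
        add("/tmp/abs.txt")                                # absolute name
        add("../outside.txt")                              # ".." in name
        add("docs/link", tarfile.SYMTYPE, "../../outside") # clean name, bad target
        add("hard", tarfile.LNKTYPE, "../outside.txt")     # clean name, bad target
        add("pipe", tarfile.FIFOTYPE)                      # not a file or directory
    buf.seek(0)
    return buf

def scan(fileobj, dest="/srv/extract"):  # dest: hypothetical extraction directory
    with tarfile.open(fileobj=fileobj) as tar:
        return {m.name: check_member(m, dest) for m in tar.getmembers()}

if __name__ == "__main__":
    for name, reason in scan(build_sample()).items():
        print(f"{name!r}: {reason or 'ok'}")
```

The last three members pass a name-only check and are caught only by the link and type checks. Since Python 3.12, tarfile provides extraction filters (`extractall(filter="data")`) that apply checks of this kind during extraction.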