[issue21109] tarfile: Traversal attack vulnerability

2014-03-31 Thread Daniel Garcia
Daniel Garcia added the comment: The solution in the patch is based on the gnutar solution to this, removing the prefix when extracting and adding.

[issue21109] tarfile: Traversal attack vulnerability

2014-03-31 Thread Daniel Garcia
New submission from Daniel Garcia: The application does not validate the filenames inside the tar archive, allowing files to be extracted to arbitrary paths. An attacker can craft a tar file to override files. I've seen this vulnerability in libtar: http://lwn.net/Vulnerabilities/587141/
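
The mitigation discussed in this thread (dropping the unsafe prefix of a member name before extraction, in the spirit of GNU tar) can be sketched as follows. This is an added example, not the patch attached to the issue; `strip_unsafe_prefix`, `safe_extract` and the sample archive are constructed for illustration.

```python
import io
import os
import shutil
import tarfile


def strip_unsafe_prefix(name):
    """Drop leading '/' and everything up to the last '..' component."""
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if ".." in parts:
        last = len(parts) - 1 - parts[::-1].index("..")
        parts = parts[last + 1:]
    return "/".join(parts)


def safe_extract(tar, dest):
    """Write only regular files and directories below dest; return their names."""
    root = os.path.realpath(dest)
    written = []
    for member in tar:
        name = strip_unsafe_prefix(member.name)
        if not name or not (member.isfile() or member.isdir()):
            continue  # skip links, devices and names that were only a prefix
        target = os.path.realpath(os.path.join(root, name))
        if os.path.commonpath([root, target]) != root:
            continue  # still escapes dest, e.g. through a pre-existing symlink
        if member.isdir():
            os.makedirs(target, exist_ok=True)
        else:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)
        written.append(name)
    return written


def build_sample():
    """Constructed archive: one benign name and two hostile ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../../escape.txt", "/abs/passwd"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

Writing the file contents directly, rather than calling `extract()` on the original member, keeps the result independent of the extraction defaults of the running Python version.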