[issue39341] zipfile: ZIP Bomb vulnerability, don't check announced uncompressed size

2020-01-15 Thread STINNER Victor
Change by STINNER Victor: Added file: https://bugs.python.org/file48845/malicious.zip

[issue39341] zipfile: ZIP Bomb vulnerability, don't check announced uncompressed size

2020-01-15 Thread STINNER Victor
Change by STINNER Victor: Added file: https://bugs.python.org/file48844/poc.py

[issue39341] zipfile: ZIP Bomb vulnerability, don't check announced uncompressed size

2020-01-15 Thread STINNER Victor
Change by STINNER Victor: Added file: https://bugs.python.org/file48843/create_zip.py

[issue39341] zipfile: ZIP Bomb vulnerability, don't check announced uncompressed size

2020-01-15 Thread STINNER Victor
New submission from STINNER Victor: Laish, Amit (GE Digital) reported a vulnerability in the zipfile module to the PSRT list. The module is vulnerable to ZIP Bomb: https://en.wikipedia.org/wiki/Zip_bomb A 100 KB malicious ZIP file announces an uncompressed size of 1 byte but extracting it wr