id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
27659	Arbitrary file overrides in startproject/app template extraction	Florian Apolloner	nobody	"Note: This was reported as a security issue initially by me, but we think that this is more hardening than an actual issue -- if you are downloading untrusted archives the content can be much worse anyways…

The issue here is that tar files (and probably zip files too) can store full and/or relative paths and therefore escape out of the extraction root.

Attached is an initial WIP to show the issue and possible solution."	Bug	closed	Utilities	dev	Normal	fixed		Florian Apolloner	Accepted	0	0	0	0	0	0
