File CVE-2019-9674-zip-bomb.patch of Package python.14931

From b73fe12d4d85fc92e4b9658e417046b68fb68ecc Mon Sep 17 00:00:00 2001
From: nick sung <>
Date: Fri, 17 May 2019 15:45:31 +0800
Subject: [PATCH 1/4] bpo-36260: Add pitfalls to zipfile module documentation

We saw vulnerability warning description (including zip bomb) in Doc/library/xml.rst file.
This gave us the idea of documentation improvement.

So, we moved a little bit forward :P
And the doc patch can be found (pr).
 Doc/library/zipfile.rst | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

--- a/Doc/library/zipfile.rst
+++ b/Doc/library/zipfile.rst
@@ -553,5 +553,47 @@ Command-line options
    Test whether the zipfile is valid or not.
+Decompression pitfalls
+The extraction in zipfile module might fail due to some pitfalls
+listed below.
+From file itself
+Decompression may fail due to incorrect password / CRC checksum
+/ ZIP format or unsupported compression method / decryption.
+File System limitations
+Exceeding limitations on different file systems can cause
+decompression failed. Such as allowable characters in the
+directory entries, length of the file name, length of the
+pathname, size of a single file, and number of files, etc.
+Resources limitations
+The lack of memory or disk volume would lead to decompression
+failed. For example, decompression bombs (aka `ZIP bomb`_) apply
+to zipfile library that can cause disk volume exhaustion.
+Interruption during the decompression, such as pressing control-C
+or killing the decompression process may result in incomplete
+decompression of the archive.
+Default behaviors of extraction
+Not knowing the default extraction behaviors can cause unexpected
+decompression results. For example, when extracting the same
+archive twice, it overwrites files without asking.
+.. _ZIP bomb:
 .. _PKZIP Application Note:
--- /dev/null
+++ b/Misc/NEWS.d/next/Documentation/2019-06-04-09-29-00.bpo-36260.WrGuc-.rst
@@ -0,0 +1 @@
+Add decompression pitfalls to zipfile module documentation.
\ No newline at end of file