Index: Lib/zipfile.py
===================================================================
--- Lib/zipfile.py (revision 75146)
+++ Lib/zipfile.py (working copy)
@@ -953,6 +953,9 @@
 """Extract the ZipInfo object 'member' to a physical file on the path targetpath. """
+ # keep the target path so we can compare against it later
+ basepath = os.path.realpath(targetpath)
+
 # build the destination pathname, replacing
 # forward slashes to platform specific separators.
 # Strip trailing path separator, unless it represents the root.
@@ -968,6 +971,10 @@
 targetpath = os.path.normpath(targetpath)
+ # make sure the zip file isn't traversing out of the path
+ if not os.path.realpath(targetpath).startswith(basepath):
+ raise BadZipfile, "ZIP file contains files that try to write outside of path"
+
 # Create all upper directories if necessary.
 upperdirs = os.path.dirname(targetpath)
 if upperdirs and not os.path.exists(upperdirs):
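Review bot: `basepath = os.path.realpath(targetpath)` is stored without a trailing separator, so the plain string-prefix test the second hunk builds on it (`os.path.realpath(targetpath).startswith(basepath)`) also accepts any sibling directory whose name merely extends the target — an extraction directory `out` would admit a member that resolves under `out2/` or `outside/`. Make the comparison component-wise: keep this hunk as is and, in the second hunk, replace the test with `resolved = os.path.realpath(targetpath)` followed by `if resolved != basepath and not resolved.startswith(basepath + os.sep):`. The comparison is also case-sensitive, which presumably does not match how case-insensitive filesystems resolve the same path — worth confirming on Windows. Note that the second hunk (and the enclosing `_extract_member` body) continues past the end of this view, so its closing lines were not reviewed here.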