Index: Lib/zipfile.py =================================================================== --- Lib/zipfile.py (revision 75150) +++ Lib/zipfile.py (working copy) @@ -953,6 +953,9 @@ """Extract the ZipInfo object 'member' to a physical file on the path targetpath. """ + # keep the target path so we can compare against it later + basepath = os.path.normcase(os.path.realpath(targetpath)) + # build the destination pathname, replacing # forward slashes to platform specific separators. # Strip trailing path separator, unless it represents the root. @@ -966,8 +969,12 @@ else: targetpath = os.path.join(targetpath, member.filename) - targetpath = os.path.normpath(targetpath) + targetpath = os.path.normcase(os.path.realpath(targetpath)) + # make sure the zip file isn't traversing out of the path + if not targetpath.startswith(basepath): + raise BadZipfile, "ZIP file contains files that try to write outside of path" + # Create all upper directories if necessary. upperdirs = os.path.dirname(targetpath) if upperdirs and not os.path.exists(upperdirs):
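Review bot: The new guard `if not targetpath.startswith(basepath):` is a string-prefix test, not a path-component test, so a member that resolves to a sibling whose name merely begins with the target directory's name (target `out`, member resolving to `outside/x`) still passes and is written outside the extraction root. Compare against the directory with a trailing separator instead, which `os.path.join(basepath, '')` produces without doubling the separator when basepath is already the root: `if targetpath != basepath and not targetpath.startswith(os.path.join(basepath, '')):`. The `targetpath != basepath` clause keeps an entry that resolves to the extraction directory itself (a bare directory member) from being rejected. Note also that `basepath` is the `realpath` taken in the first hunk, so both sides of the comparison have symlinks resolved and `normcase` applied, which is what makes the prefix comparison meaningful on case-insensitive filesystems; the enclosing `_extract_member` begins before the first hunk and continues after this one.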