That's the title of the report, but the hole was probably plugged since
Python 2.0.  See corresponding checkin to PC/getpathp.c:  a crucial
precondition for joinpath() was neither documented nor verified, and there
are so many callers with so many conditional paths that no "eyeball
analysis" is satisfactory.  Now Python dies with a fatal error if the
precondition isn't satisfied, instead of allowing a buffer overrun.

NOT TESTED!  The Windows version of the patch was, but not this one.  I
don't feel like waiting for someone to notice the patch I attached to the
bug report.  If it doesn't compile, sorry, but fix it <wink>.  If it
does compile, it's "obviously correct".